manual:installation:requirements:best_practices

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
manual:installation:requirements:best_practices [2020/11/30 09:06]
marinagen [ZBX-18222] added Content Security Policy
manual:installation:requirements:best_practices [2021/03/17 14:42]
marinagen [ZBX-18006] Correct HTTP to HTTPS redirect for virtual host
Line 78: Line 78:
 <​VirtualHost *:*> <​VirtualHost *:*>
     ServerName example.com     ServerName example.com
-    Redirect permanent / http://​example.com+    Redirect permanent / https://​example.com
 </​VirtualHost>​ </​VirtualHost>​
 </​code>​ </​code>​
Line 171: Line 171:
  
 Since version 3.0.32, some Zabbix frontend elements (for example, the [[:​manual/​config/​visualisation/​screens/​elements#​url|URL screen element]]) are preconfigured to sandbox content retrieved from the URL. It is recommended to keep all sandboxing restrictions enabled to ensure protection against XSS attacks. Since version 3.0.32, some Zabbix frontend elements (for example, the [[:​manual/​config/​visualisation/​screens/​elements#​url|URL screen element]]) are preconfigured to sandbox content retrieved from the URL. It is recommended to keep all sandboxing restrictions enabled to ensure protection against XSS attacks.
 +
 +=== Zabbix Windows agent with OpenSSL ===
 +
 +Zabbix Windows agent compiled with OpenSSL will try to reach the SSL configuration file in c:​\openssl-64bit. The %%"​%%openssl-64bit%%"​%% directory on disk C: can be created by non-privileged users.
 +
 +So for security hardening, it is required to create this directory manually and revoke write access from non-admin users.
 +
 +Please note that the directory names will be different on 32-bit and 64-bit versions of Windows.