Close

You should configure web server with this tools guide

For you guys that configure a web server, of course we want a good server which is secure fast and mach with search engine optimizing (SEO).

SEO Online Tools Web Server Configuration Check

I found this online web server check https://tools.keycdn.com/http2-test it’s very helpful to me to know if my server configuration is up to date with earlier information technology regarding web server.

You can check modul:

  • Web (Online Website Tools Analyzer)

  1. Website Speed Test FULL PAGE SPEED TEST

    What is the Website Speed Test tool?

    The Website Speed Test tool is a full page speed test that can be performed from 10 different locations around the world. It allows the performance of any HTML page to be tested and measured. The results returned will give a breakdown of the requests, content size, and loading time. In addition there is a complete waterfall that details the timings and HTTP headers of each asset.

    The Website Speed Test tool can be used to evaluate the performance of your website to see where improvements can be made. Consider adding KeyCDN to your stack to significantly reduce the latency of your website.

    What HTTP status codes are there?

    • 2xx Successful
    • 3xx Redirection
    • 4xx Client error
    • 5xx Server error
    • error Connection error

    What content types are there?

    • HTML page
    • JavaScript file
    • CSS file
    • Image file
    • Video file
    • Font file
    • Other file
  2. Performance Test URL SPEED

    What is the Performance Test tool?

    The Performance Test tool is a single asset performance test that can be performed from 10 different locations around the world. It allows the performance of any URL to be tested and measured. The results returned will give a breakdown of the loading times and HTTP response headers.

    The Performance Test tool can be used to evaluate the performance of a single asset to see where improvements can be made. Consider adding KeyCDN to your stack to significantly reduce the latency of your website.

    What timings are there?

    • DNS – Returns domain name system (DNS) lookup time.
    • Connect – Time it takes to connect to the server.
    • TLS – Overhead of TLS connection on the individual asset.
    • TTFB – Time it takes from when a client makes an HTTP request to it receiving its first byte of data from the server.
  3. HTTP Header Checker ANALYZE HTTP RESPONSE HEADERS

    What is the HTTP Header Checker tool?

    The HTTP Header Checker tool is an online curl test. It allows the HTTP response headers of any URL to be analyzed. Optionally send custom Referer and X-Pull request headers as well as content encoding options, like Brotli and Gzip. The results returned will give the complete curl output.

    The HTTP Header Checker tool can be used to verify server configurations, like checking whether or not hotlink protection and file compression has been set up correctly.

    What HTTP status codes are there?

    • 2xx Successful
    • 3xx Redirection
    • 4xx Client error
    • 5xx Server error
    • error Connection error

    What is curl?

    curl is an open source command line tool used for transferring data with URL syntax, like in the case of this tool, HTTP and HTTPS requests.

     

  4. HTTP/2 Test VERIFY HTTP/2 SUPPORT

    What is HTTP/2?

    HTTP/2 is the first major HTTP protocol update since 1997 when HTTP/1.1 was first published by the IETF. The new HTTP protocol is needed to keep up with the exponential growth of the web. The successor of HTTP/1.1 brings significant improvement in efficiency, speed and security and is supported by most modern web browsers. A list of browsers that support HTTP/2 can be found on caniuse.com.

    • HTTP/2 is binary, instead of textual.
    • It is fully multiplexed, sending multiple requests in parallel over a single TCP connection.
    • It uses header compression HPACK to reduce overhead.
    • It allows servers to “push” responses proactively into client caches instead of waiting for a new request for each resource
    • It uses the new ALPN extension which allows for faster-encrypted connections since the application protocol is determined during the initial connection.
    • It reduces additional round trip times (RTT), making your website load faster without any optimization.
    • Domain sharding and asset concatenation is no longer needed with HTTP/2.

    HTTP/2 introduces other improvements, more details: HTTP/2 RFC7540

    This test can check HTTP and HTTPS but most browsers only support HTTP/2 for HTTPS, which means you must migrate to HTTPS if you want to take advantage of the performance benefits.

    Does this test also verify SPDY?

    Not directly, but it tests which TLS extension is supported to negotiate the protocols. The tested TLS extensions are either NPN or ALPN. Next Protocol Negotiation (NPN) appeared as part of the SPDY protocol but it has been deprecated. Application Layer Protocol Negotiation (ALPN) is the successor of NPN and is approved by the IETF (RFC7301). However, NPN advertises the supported protocols from the server to the client and this test will show the advertised protocols if HTTP/2 is not supported. The protocol advertising has been reversed in ALPN (client to server). The first phase of this HTTP/2 check runs the ALPN test with only H2 in the protocol list.

    How to test HTTP/2 via command line?

    Get the latest curl release and use this command: curl --http2.

  5.  Brotli Test VERIFY BROTLI COMPRESSION SUPPORT

    What is Brotli compression?

    Brotli is a new open source compression algorithim developed by Google as an alternative to Gzip, Zopfli, and Deflate. Google’s case study on Brotli has shown compression ratios of up to 26% smaller than current methods, with less CPU usage.

    Brotli Support

    Both the server and the client (browser) must be Brotli compatible to take advantage of smaller file sizes and be running over an HTTPS connection. Brotli compression is currently supported by the following browsers:

    • Google Chrome: Chrome 49+
    • Mozilla Firefox: Firefox 44+
    • Opera: Opera 36+

    Brotli Test Tool

    With our tool you can quickly check if your web server is sending the Brotli compressed payload to your clients. Negotiation is done via the Accept-Encoding: br request header. Servers can add “br” to Content-Encoding: br to encode a response with Brotli.

     

  • Network (Online Network Tools Analyzer)

  1. IP Location Finder LOOKUP IP ADDRESS OR HOSTNAME

    What is IP Geolocation?

    IP geolocation is the mapping of an IP address to the geographic location of the internet from the connected device. By geographically mapping the IP address, it provides you with location information such as the country, state, city, zip code, latitude/longitude, ISP, area code, and other information.

    How does the IP Location Finder work?

    ARIN’s WHOIS service gives contact and registration information for IP addresses and is freely available to access. When a company acquires a block of IP addresses, a request is submitted and then those IPs are assigned to the requested ISP.

    The IP geoloaction data gets updated automatically and includes data created by MaxMindManual updates are not possible.

    How accurate is IP Geolocation?

    There are many different IP location databases in which you can pull from. Most vendors claim a 98% or higher accuracy. IP mapping to specific cities can sometimes vary slightly based upon the location of the nearest ISP provider’s network hub.

    Does it support IPv6 location lookups?

    Yes, IPv6 geoloaction is supported as well. Just enter a valid address above to perform the IPv6 lookup.

  2. DNS Checker IP OR HOSTNAME LOOKUP

    EDNS Client Subnet Check

    An open IETF standard edns-client-subnet was developed in order to better direct content to users and lower latency in cooperation between recursive DNS services and CDN providers. For example, when using Open DNS or Google Public DNS, and you visit a website served from a CDN provider which supports EDNS client subnet, like KeyCDN, a truncated version of your IP is added to the DNS request, which then routes the client based on the geo location of the client subnet to the most optimal server.

    What is a DNS?

    DNS, which stands for domain name system, is an Internet service that translates domains names into IP addresses. This query is performed by a Domain Name Server (DNS server) or servers nearby that have been assigned responsibility for that hostname. You can think of a DNS server as a phone book for the internet. A DNS server maintains a directory of domain names and translates them to IPs.

    Common DNS Records

    • A: Indicates the IP address of the domain.
    • AAAA: IPV6 address record.
    • CNAME: Canonical name, used for making a domain alias.
    • NS: Name server, indicates which name server is authoritative for the domain.
    • MX: Mail exchange, a list of mail exchange servers used for the domain.
    • TXT: Administrator record use for domain facts and verifications.
    • SRV: Service, defines the TCP service the domain operates on.
    • PTR: Pointer record, maps an IPv4 address to CNAME.
    • SOA: State of authority, stores information about when domain was updated.
  3. Ping Test IP OR HOSTNAME PING

    How Can I Improve My Ping Times?

    Ping times, also referred to as website latency, can be reduced using a few different techniques as described below.

    • Reducing number of HTTP requests
    • Add Expires or Cache-Control Header
    • Gzip Components
    • Utilize a CDN to reduce website latency by caching website assets on global edge servers (POPs)
    • Take advantage of HTTP/2 by minimizing the amount of round trips from the sender to the receiver and with parallelized transfers

    What is Ping?

    Ping is a utility used to send out ICMP packets to an address to see how fast the response is (and if one even exists). Ping is important when it comes to website latency as it corresponds with the delay time (in milliseconds) for how long it takes the data to travel across the internet, to its destination address, and then back to you. A faster ping means a more responsive connection.

  4. Ping IPv6 Test IPV6 OR HOSTNAME PING

    Using the IPv6 Ping Test

    The IPv6 Ping test is very similiar to our Ping Test tool but in this case it allows you to ping an IPv6 host or IP simultaneously from different locations. Ping is important when it comes to website latency. The tool sends out ICMP packets to an address to see how fast the response is. A faster ping means a more responsive connection.

    Example of an IPv6 address (www.google.com): 2a00:1450:400a:804::2004

    How to do an IPv6 Ping on the CLI?

    Just use the command ping6 tools.keycdn.com. It might is required to specify the interface with the argument -I eth0 (replace eth0 with the appropriate interface).

  5. Traceroute Test TRACE ANY IP OR HOSTNAME

    Using the Traceroute Tool

    This tool is typically used to diagnose hiccups or interruptions in the transfer of data and pinpoint where along the chain it occurred. This IPv4 or IPv6 traceroute is unique in that it allows you to simultaneously test different locations at once. This lets you quickly determine if there is any packet loss or unexpected latency to the given IP or hostname. A CDN can help dramatically reduce latency by minimizing the distance between hops.

    What is Traceroute?

    Traceroute, also called tracert, is a utility that uses ICMP packets to record the route through the internet from one computer to another. It calculates the time taken for each hop as the packet is routed to the destination. To guarantee accuracy, each hop is queried multiple times (in this case four times) to better measure the response of that particular hop.

    Traceroute Directory#

    BY COUNTRY

  6. BGP Looking Glass DIRECTORY

    A comprehensive list of BGP looking glass servers located in various geographic regions.

    What Is BGP Looking Glass?#

    BGP, also known as Border Gateway Protocol, is the routing protocol of the Internet. A BGP looking glass tool is software installed on a looking glass server which can be accessed remotely to provide routing information. The looking glass servers access routers, which belong to the looking glass service provider, and return information regarding BGP routing tables. This information is used for verifying routes are properly configured and propagated.

    How Do I Use BGP Looking Glass?#

    Many looking glass tools also come with the option to perform a traceroute command, ping command, etc. Ensure that you have selected the BGP option and enter the IP address you wish to test against in the query or argument field. The BGP looking glass tool will then return an output which displays the amount of available paths and best paths from the router’s network to your defined network. Additionally, it will also display the path the router would take to get to your AS (autonomous system).

 

  • Security (Online Tools For Security Scanner)

  1. Certificate Checker CERTIFICATE DECODER

    What are Intermediate Certificates?

    The list of SSL certificates, from the root certificate to the end-user certificate, represents an SSL certificate chain, or intermediate certificate. These must be installed to a web server with a primary certificate so that your browser can link it to a trusted authority. They are used in Custom SSL zone configurations.

    You can use the tool above to decode your SSL certificate to check if you are missing an intermediate certificate.

    Missing Intermediate SSL certificate?

    If you don’t install an intermediate SSL certificate web browsers will display an “Invalid certificate” or “certificate not trusted” error. You can use our Certificate Chain Composer tool to get your intermediate certificates.

  2. Certificate Chain Composer GENERATE INTERMEDIATE CERTIFICATE

    Get Your Certificate Chain

    If you have missing chain certificates or don’t know what they are, you can use the certificate chain composer tool above to fetch them. Simply paste in the contents of your .crt file and it will return your complete certificate including the intermediate certificates. You can then install them on your web server or CDN provider. It will also return the decoded certificate.

    What is a Certificate Chain?

    The list of SSL certificates, from the root certificate to the end-user certificate, represents a SSL certificate chain, or intermediate certificate. These must be installed to a web server along with a primary certificate. If they aren’t installed web browsers will display an “Invalid certificate” or “certificate not trusted” error. You can use our Certificate Checker tool to validate your chain.

  3. SHA256 Generator GENERATE A SHA256 HASH

    SHA256 Results

    The SHA256 online generator allows you to instantly generate a SHA256 (32-byte) hash of any string or input value, which is then returned as a hexadecimal number of 64 digits.

    What is SHA256?

    SHA, which stands for secure hash algorithm, is a cryptographic hashing algorithm used to determine the integrity of a particular piece of data. SHA256 has become a successor to that of SHA1 because it is currently much more resistant to collision attacks, as it is able to generate a longer hash which is harder to break.

    Typical Uses for SHA256

    The hashing is a one-way method making it almost impossible to decrypt. This in turn means that SHA256 is ideal for challenge hash authentication, finger-printing, password validation, digital signatures, uniquely identifying files, and as checksums to detect accidental data corruption.

  4. SSL FREAK Test CVE-2015-0204

    What is the FREAK SSL attack?

    Tuesday 2015/03/03 – Researchers of miTLS team (joint project between Inria and Microsoft Research) disclosed a new SSL/TLS vulnerability — the FREAK SSL attack (CVE-2015-0204). The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered.

    Read more about the FREAK SSL attack.

    How to eliminate the vulnerability?

    Upgrade the OpenSSL version to at least 1.02.

  5. TLS Logjam Test CVE-2015-4000

    What is the Logjam TLS attack?

    The Logjam attack (CVE-2015-4000) is against the TLS Protocol. That means it affects services that are using TLS. The attack gives a man-in-the-middle attacker the possibility to downgrade weak TLS connections to 512-bit exchange key cryptography. The attacker can read and manipulate the data, which is transferred between the peers using a TLS “secured” connection. The attack has similarities to the FREAK attack, but it is important to note that this is a flaw in the TLS protocol and not a vulnerability due to the implementation itself. It attacks a Diffie-Hellman (DH) key exchange. A server, respectively the services using TLS, that allows (have configured) DHE_EXPORT ciphers can be attacked. This impacts also all modern web browsers. According to the researchers are 8.4% of the “Top 1 Million” domains affected.

    Read more about the Logjam TLS attack.

    How to eliminate Logjam vulnerability?

    Remove the weak ciphers from the accepted cipher list. This need to be done for each service that uses TLS (e.g. Apache, nginx, lighttpd, postfix, dovecot, sendmail, Microsoft IIS, etc). Detailed configuration examples could be found here: Guide to Deploying Diffie-Hellman for TLS

    How to test Logjam via command line?

    OpenSSL: openssl s_client -connect www.example.com:443 -cipher 'EXP'

    nmap: nmap --script ssl-enum-ciphers -p 443 www.example.com

  • Other Online Web Tools

  1. Epoch Converter UNIX EPOCH TIME CONVERTER

    What is Epoch Time?

    Epoch time, also known as Unix time or POSIX time, is the amount of time in seconds that has elapsed since January 1st, 1970 (00:00:00 UTC). It is important to note that this time does not change no matter where you are geographically located, which is why it is useful for online applications that are tracking time. It also allows you to programmatically and mathematically compare dates with other measures of time. Unix time may be checked on most Unix systems by typing date +%s on the command line.

    UNIX Epoch Timestamp

    The purpose of the online Epoch time converter is to output the UNIX Epoch timestamp into a human readable date/time, in both local time or GMT/UTC. For example, a UNIX system might record the timestamp as 1459734769 which does not mean much to the normal user. Once converted, to say a format of Y-m-d H:i:sP, it results in an output of 2016-04-03 18:52:49-07:00. This can then be easily manipulated and used to display to users.

  2. Hex Converter CONVERT HEXADECIMAL AND DECIMAL

    What is the Hex System?

    The hex system, or hexadecimal, is a number system of base 16. Because the decimal system only has 10 digits, the extra 6 digits are represented by the first 6 letters in the alphabet. For example, a hex value of B would be represented as 11 in decimal form, or binary value of 1011. Hexadecimal is an easy way to express binary numbers in modern computers in which a byte is usually defined as containing eight binary digits.

    What is the Decimal System?

    The decimal system, is one of the oldest and most commonly used numbers systems today. It is also known as base 10 numbering since it is based on 10 single digits: 0,1,2,3,4,5,6,7,8,9. For example, a decimal value of 11 would be represented as a hex value of B, or binary value of 1011.

    Hex Converter Results

    The online hex converter tool allows you to instantly convert a hex to decimal value as well as a decimal to hex value. It also outputs the conversion to binary.

That’s it guys, some available good stuff to check your web server configurations. Hopefully it’s useful for all of you…

Webserver
Webserver

 

This post is also available in: Indonesian

Silakan berikan komentar, pertanyaan, maupun sanggahan. InsyaAllah dibalas secepatnya.

© Just Shared on Tel-U | WordPress Theme: Annina Free by CrestaProject.