Optimizing Security Headers on an OpenLiteSpeed Server Website Using OWASP-Based Hardening
DOI:
https://doi.org/10.61805/fahma.v24i2.204
Keywords:
OpenLiteSpeed, OWASP Hardening, Security Header Optimization
Abstract
Web service security is essential for maintaining the confidentiality, integrity, and availability of data in modern digital environments. Improperly configured web servers are vulnerable to various security threats, including injection attacks, Cross-Site Scripting (XSS), and brute-force attacks. OpenLiteSpeed is widely adopted due to its high performance; however, its default configuration may still expose security vulnerabilities. This study aims to enhance the security of OpenLiteSpeed web services running on Ubuntu Server through the implementation of OWASP-based hardening techniques, with a particular focus on security header optimization. The novelty of this research lies in the implementation of customized security header configurations, including Content Security Policy (CSP), X-Frame-Options, and HTTP Strict Transport Security (HSTS), tailored to application requirements. An experimental approach was employed, involving vulnerability assessment, firewall configuration, SSL/TLS implementation, permission management, security header optimization, and comparative security testing using OWASP ZAP before and after hardening. The results demonstrate a significant reduction in both the number and severity of vulnerabilities, confirming the effectiveness of OWASP-based hardening in strengthening Linux-based web server security.
License
Copyright (c) 2026 Sugiyatno Sugiyatno, Untung Subagyo (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.




