path: root/localfs/etc/httpd/conf.d/security.d
Diffstat (limited to 'localfs/etc/httpd/conf.d/security.d')
-rw-r--r--localfs/etc/httpd/conf.d/security.d/csp.conf4
-rw-r--r--localfs/etc/httpd/conf.d/security.d/hsts.conf4
-rw-r--r--localfs/etc/httpd/conf.d/security.d/maxconns.conf1
-rw-r--r--localfs/etc/httpd/conf.d/security.d/signature.conf3
4 files changed, 12 insertions, 0 deletions
diff --git a/localfs/etc/httpd/conf.d/security.d/csp.conf b/localfs/etc/httpd/conf.d/security.d/csp.conf
new file mode 100644
index 0000000..f26dbc0
--- /dev/null
+++ b/localfs/etc/httpd/conf.d/security.d/csp.conf
@@ -0,0 +1,4 @@
+Header set Content-Security-Policy: "default-src 'self' 'unsafe-inline'; frame-ancestors 'self' jango104 jango104.domain.de; script-src 'self' jango104 jango104.domain.de 'unsafe-inline'; img-src 'self' jango104 jango104.domain.de; child-src 'self' jango104 jango104.domain.de; font-src 'self' jango104 jango104.domain.de; object-src 'self' jango104 jango104.domain.de; connect-src 'self' jango104 jango104.domain.de;"
+#Header always set Content-Security-Policy: "default-src https:; frame-ancestors *.lirion.de;"
+#SSLUseStapling On
+#SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768)
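Review bot: `'unsafe-inline'` appears in both `default-src` and `script-src` on the added `Header set` line, so inline script and inline style are still allowed and the policy does little against injected markup. If the application can work without it, move inline script to files or nonces and use `script-src 'self'`, and prefer `object-src 'none'` to allowing plugin content from three origins. The header is set without `always`, so error responses generated by Apache go out without a policy. The hard-coded `jango104` names tie the file to one host; a leading comment saying so, and why the two OCSP stapling lines are in csp.conf, would help the next reader.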
diff --git a/localfs/etc/httpd/conf.d/security.d/hsts.conf b/localfs/etc/httpd/conf.d/security.d/hsts.conf
new file mode 100644
index 0000000..3276a70
--- /dev/null
+++ b/localfs/etc/httpd/conf.d/security.d/hsts.conf
@@ -0,0 +1,4 @@
+# Do not use header always set, it would push HSTS to non-HTTPS even though it's in this tree...
+<IfModule mod_ssl.c>
+ Header set Strict-Transport-Security "max-age=31556926;includeSubDomains;preload"
+</IfModule>
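Review bot: `<IfModule mod_ssl.c>` only tests whether mod_ssl is loaded, not whether the request arrived over TLS, so the comment's reason for avoiding `always` does not hold: if this file is included at server level, the header is sent on plain-HTTP vhosts either way. Dropping `always` also means HTTPS error responses carry no HSTS header. A condition on the connection covers both, for example `Header always set Strict-Transport-Security "max-age=31556926;includeSubDomains;preload" "expr=%{HTTPS} == 'on'"`. Since `includeSubDomains;preload` commits every subdomain to HTTPS and is slow to undo once a domain is on a preload list, a comment confirming that this is intended would be worth adding.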
diff --git a/localfs/etc/httpd/conf.d/security.d/maxconns.conf b/localfs/etc/httpd/conf.d/security.d/maxconns.conf
new file mode 100644
index 0000000..c88ca84
--- /dev/null
+++ b/localfs/etc/httpd/conf.d/security.d/maxconns.conf
@@ -0,0 +1 @@
+#MaxConnection all 10
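Review bot: The only line in maxconns.conf is commented out, so the file applies no connection limit, although its place in security.d suggests one is active. I cannot tell from the hunk which module provides `MaxConnection`. A comment such as `# disabled: requires <module>, enable after load testing` would record the intent and the prerequisite.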
diff --git a/localfs/etc/httpd/conf.d/security.d/signature.conf b/localfs/etc/httpd/conf.d/security.d/signature.conf
new file mode 100644
index 0000000..5c8bc12
--- /dev/null
+++ b/localfs/etc/httpd/conf.d/security.d/signature.conf
@@ -0,0 +1,3 @@
+#SecServerSignature "Woschdsopp/6.66 mod-banana"
+ServerTokens Prod
+TraceEnable Off
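Review bot: signature.conf sets `ServerTokens Prod` and `TraceEnable Off` but never sets `ServerSignature`, so whether error and listing pages carry a server footer depends on whatever the distribution's main config says. Adding `ServerSignature Off` makes the file do what its name promises. The commented `SecServerSignature` line is a ModSecurity directive, which as far as I know only takes effect with `ServerTokens Full`; a short comment noting that conflict with the `Prod` setting below it would prevent someone from uncommenting it and expecting it to work.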