diff options
author | H. P. <harald.pfeiffer _æ_ xmart.de> | 2018-11-01 13:30:58 +0100 |
---|---|---|
committer | H. P. <harald.pfeiffer _æ_ xmart.de> | 2018-11-01 13:30:58 +0100 |
commit | 0632591996893fe136a1f2fe44d9b9f404f41f3e (patch) | |
tree | 7340edbe7c212da3db45a83219147143a3268c8d /localfs/etc/httpd/conf.d/security.d | |
download | fedora-laptop-0632591996893fe136a1f2fe44d9b9f404f41f3e.tar.bz2 |
Initial commit
Diffstat (limited to 'localfs/etc/httpd/conf.d/security.d')
-rw-r--r-- | localfs/etc/httpd/conf.d/security.d/csp.conf | 4 | ||||
-rw-r--r-- | localfs/etc/httpd/conf.d/security.d/hsts.conf | 4 | ||||
-rw-r--r-- | localfs/etc/httpd/conf.d/security.d/maxconns.conf | 1 | ||||
-rw-r--r-- | localfs/etc/httpd/conf.d/security.d/signature.conf | 3 |
4 files changed, 12 insertions, 0 deletions
diff --git a/localfs/etc/httpd/conf.d/security.d/csp.conf b/localfs/etc/httpd/conf.d/security.d/csp.conf new file mode 100644 index 0000000..f26dbc0 --- /dev/null +++ b/localfs/etc/httpd/conf.d/security.d/csp.conf @@ -0,0 +1,4 @@ +Header set Content-Security-Policy: "default-src 'self' 'unsafe-inline'; frame-ancestors 'self' jango104 jango104.domain.de; script-src 'self' jango104 jango104.domain.de 'unsafe-inline'; img-src 'self' jango104 jango104.domain.de; child-src 'self' jango104 jango104.domain.de; font-src 'self' jango104 jango104.domain.de; object-src 'self' jango104 jango104.domain.de; connect-src 'self' jango104 jango104.domain.de;" +#Header always set Content-Security-Policy: "default-src https:; frame-ancestors *.lirion.de;" +#SSLUseStapling On +#SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768) diff --git a/localfs/etc/httpd/conf.d/security.d/hsts.conf b/localfs/etc/httpd/conf.d/security.d/hsts.conf new file mode 100644 index 0000000..3276a70 --- /dev/null +++ b/localfs/etc/httpd/conf.d/security.d/hsts.conf @@ -0,0 +1,4 @@ +# Do not use header always set, it would push HSTS to non-HTTPS even though it's in this tree... +<IfModule mod_ssl.c> + Header set Strict-Transport-Security "max-age=31556926;includeSubDomains;preload" +</IfModule> diff --git a/localfs/etc/httpd/conf.d/security.d/maxconns.conf b/localfs/etc/httpd/conf.d/security.d/maxconns.conf new file mode 100644 index 0000000..c88ca84 --- /dev/null +++ b/localfs/etc/httpd/conf.d/security.d/maxconns.conf @@ -0,0 +1 @@ +#MaxConnection all 10 diff --git a/localfs/etc/httpd/conf.d/security.d/signature.conf b/localfs/etc/httpd/conf.d/security.d/signature.conf new file mode 100644 index 0000000..5c8bc12 --- /dev/null +++ b/localfs/etc/httpd/conf.d/security.d/signature.conf @@ -0,0 +1,3 @@ +#SecServerSignature "Woschdsopp/6.66 mod-banana" +ServerTokens Prod +TraceEnable Off |