From 0632591996893fe136a1f2fe44d9b9f404f41f3e Mon Sep 17 00:00:00 2001 From: Harald Pfeiffer Date: Thu, 1 Nov 2018 13:30:58 +0100 Subject: Initial commit --- localfs/etc/httpd/conf.d/security.d/csp.conf | 4 ++++ localfs/etc/httpd/conf.d/security.d/hsts.conf | 4 ++++ localfs/etc/httpd/conf.d/security.d/maxconns.conf | 1 + localfs/etc/httpd/conf.d/security.d/signature.conf | 3 +++ 4 files changed, 12 insertions(+) create mode 100644 localfs/etc/httpd/conf.d/security.d/csp.conf create mode 100644 localfs/etc/httpd/conf.d/security.d/hsts.conf create mode 100644 localfs/etc/httpd/conf.d/security.d/maxconns.conf create mode 100644 localfs/etc/httpd/conf.d/security.d/signature.conf (limited to 'localfs/etc/httpd/conf.d/security.d') diff --git a/localfs/etc/httpd/conf.d/security.d/csp.conf b/localfs/etc/httpd/conf.d/security.d/csp.conf new file mode 100644 index 0000000..f26dbc0 --- /dev/null +++ b/localfs/etc/httpd/conf.d/security.d/csp.conf @@ -0,0 +1,4 @@ +Header set Content-Security-Policy: "default-src 'self' 'unsafe-inline'; frame-ancestors 'self' jango104 jango104.domain.de; script-src 'self' jango104 jango104.domain.de 'unsafe-inline'; img-src 'self' jango104 jango104.domain.de; child-src 'self' jango104 jango104.domain.de; font-src 'self' jango104 jango104.domain.de; object-src 'self' jango104 jango104.domain.de; connect-src 'self' jango104 jango104.domain.de;" +#Header always set Content-Security-Policy: "default-src https:; frame-ancestors *.lirion.de;" +#SSLUseStapling On +#SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768) diff --git a/localfs/etc/httpd/conf.d/security.d/hsts.conf b/localfs/etc/httpd/conf.d/security.d/hsts.conf new file mode 100644 index 0000000..3276a70 --- /dev/null +++ b/localfs/etc/httpd/conf.d/security.d/hsts.conf @@ -0,0 +1,4 @@ +# Do not use header always set, it would push HSTS to non-HTTPS even though it's in this tree... + + Header set Strict-Transport-Security "max-age=31556926;includeSubDomains;preload" + diff --git a/localfs/etc/httpd/conf.d/security.d/maxconns.conf b/localfs/etc/httpd/conf.d/security.d/maxconns.conf new file mode 100644 index 0000000..c88ca84 --- /dev/null +++ b/localfs/etc/httpd/conf.d/security.d/maxconns.conf @@ -0,0 +1 @@ +#MaxConnection all 10 diff --git a/localfs/etc/httpd/conf.d/security.d/signature.conf b/localfs/etc/httpd/conf.d/security.d/signature.conf new file mode 100644 index 0000000..5c8bc12 --- /dev/null +++ b/localfs/etc/httpd/conf.d/security.d/signature.conf @@ -0,0 +1,3 @@ +#SecServerSignature "Woschdsopp/6.66 mod-banana" +ServerTokens Prod +TraceEnable Off -- cgit v1.2.3