summaryrefslogtreecommitdiff
path: root/puppet/modules/apache/files/conf.d/Debian/security
diff options
context:
space:
mode:
authorMicah <micah@leap.se>2016-05-24 10:19:28 -0400
committerMicah <micah@leap.se>2016-05-24 10:19:28 -0400
commit7fa061f6ed030a3deb903ea32f23d484210089f0 (patch)
tree7fec9ff67d10f3b3f8ab19cbfb7a5e21edd9fbb5 /puppet/modules/apache/files/conf.d/Debian/security
parent8f1fd7c7e042539f3095541b8859276e4dad6629 (diff)
parent807877b736c5f56689229b31024861f19a9b0ac6 (diff)
Merge commit '807877b736c5f56689229b31024861f19a9b0ac6' as 'puppet/modules/apache'
Diffstat (limited to 'puppet/modules/apache/files/conf.d/Debian/security')
-rw-r--r--puppet/modules/apache/files/conf.d/Debian/security50
1 files changed, 50 insertions, 0 deletions
diff --git a/puppet/modules/apache/files/conf.d/Debian/security b/puppet/modules/apache/files/conf.d/Debian/security
new file mode 100644
index 00000000..55b3e519
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/Debian/security
@@ -0,0 +1,50 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages. It will be made the default for the release after lenny.
+#
+#<Directory />
+# AllowOverride None
+# Order Deny,Allow
+# Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+#ServerTokens Minimal
+ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+#
+#TraceEnable Off
+TraceEnable On
+