diff options
author | Micah Anderson <micah@leap.se> | 2014-04-22 14:13:46 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2014-04-22 14:13:46 -0400 |
commit | 327d5c934e408f90011d7949b89ab01fed88998e (patch) | |
tree | 77cfefffc8f9ffe160c4413b26dd5ca5cdd6f1e8 /puppet/modules/site_apache/files | |
parent | ca11482dd7cd4ea8ffa69407ee2fd5b5e1b7981b (diff) | |
parent | 4295f334ea4f92d7fb47f7121a42633630c368d1 (diff) |
Merge branch 'develop' (0.5.0)
Conflicts:
.gitignore
Change-Id: I778f3e1f1f4832f5894bc149ead67e9a4becf304
Diffstat (limited to 'puppet/modules/site_apache/files')
-rw-r--r-- | puppet/modules/site_apache/files/conf.d/security | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/puppet/modules/site_apache/files/conf.d/security b/puppet/modules/site_apache/files/conf.d/security new file mode 100644 index 00000000..a5ae5bdc --- /dev/null +++ b/puppet/modules/site_apache/files/conf.d/security @@ -0,0 +1,55 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# +#<Directory /> +# AllowOverride None +# Order Deny,Allow +# Deny from all +#</Directory> + + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +# +#ServerTokens Minimal +ServerTokens Prod + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +#ServerSignature Off +ServerSignature Off + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +# +#TraceEnable Off +TraceEnable On + +# Setting this header will prevent other sites from embedding pages from this +# site as frames. This defends against clickjacking attacks. +# Requires mod_headers to be enabled. +# +Header set X-Frame-Options: "DENY" |