From 293cdaee6db4a4d0b13a56fcd047819d60f38ce2 Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 16 Jun 2016 12:24:01 -0400 Subject: Disable the Trace method (#8195) The Trace method is enabled because of the Apache module, but it is not the default in Debian, and it should not be enabled, for more information see the following: https://www.kb.cert.org/vuls/id/867593 Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268 --- puppet/modules/site_apache/files/conf.d/security | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_apache/files') diff --git a/puppet/modules/site_apache/files/conf.d/security b/puppet/modules/site_apache/files/conf.d/security index a5ae5bdc..fdcf6270 100644 --- a/puppet/modules/site_apache/files/conf.d/security +++ b/puppet/modules/site_apache/files/conf.d/security @@ -45,8 +45,8 @@ ServerSignature Off # # Set to one of: On | Off | extended # -#TraceEnable Off -TraceEnable On +TraceEnable Off +#TraceEnable On # Setting this header will prevent other sites from embedding pages from this # site as frames. This defends against clickjacking attacks. -- cgit v1.2.3 From 8116e007cfd4dbee8282247348cf45473dcde45e Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 31 Aug 2016 14:54:46 -0700 Subject: added support for Let's Encrypt --- puppet/modules/site_apache/files/conf.d/acme.conf | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 puppet/modules/site_apache/files/conf.d/acme.conf (limited to 'puppet/modules/site_apache/files') diff --git a/puppet/modules/site_apache/files/conf.d/acme.conf b/puppet/modules/site_apache/files/conf.d/acme.conf new file mode 100644 index 00000000..cdddf53e --- /dev/null +++ b/puppet/modules/site_apache/files/conf.d/acme.conf @@ -0,0 +1,10 @@ +# +# Allow ACME certificate verification if /srv/acme exists. +# + + Alias "/.well-known/acme-challenge/" "/srv/acme/" + + Require all granted + Header set Content-Type "application/jose+json" + + -- cgit v1.2.3