Premier commit
This commit is contained in:
“Albert
73
roles/gestsup/files/security.conf
Normal file
73
roles/gestsup/files/security.conf
Normal file
@@ -0,0 +1,73 @@
|
||||
#
|
||||
# Disable access to the entire file system except for the directories that
|
||||
# are explicitly allowed later.
|
||||
#
|
||||
# This currently breaks the configurations that come with some web application
|
||||
# Debian packages.
|
||||
#
|
||||
#<Directory />
|
||||
# AllowOverride None
|
||||
# Require all denied
|
||||
#</Directory>
|
||||
|
||||
|
||||
# Changing the following options will not really affect the security of the
|
||||
# server, but might make attacks slightly more difficult in some cases.
|
||||
|
||||
#
|
||||
# ServerTokens
|
||||
# This directive configures what you return as the Server HTTP response
|
||||
# Header. The default is 'Full' which sends information about the OS-Type
|
||||
# and compiled in modules.
|
||||
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
|
||||
# where Full conveys the most information, and Prod the least.
|
||||
#ServerTokens Minimal
|
||||
ServerTokens Prod
|
||||
#ServerTokens Full
|
||||
|
||||
#
|
||||
# Optionally add a line containing the server version and virtual host
|
||||
# name to server-generated pages (internal error documents, FTP directory
|
||||
# listings, mod_status and mod_info output etc., but not CGI generated
|
||||
# documents or custom error documents).
|
||||
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
|
||||
# Set to one of: On | Off | EMail
|
||||
#ServerSignature Off
|
||||
ServerSignature On
|
||||
|
||||
#
|
||||
# Allow TRACE method
|
||||
#
|
||||
# Set to "extended" to also reflect the request body (only for testing and
|
||||
# diagnostic purposes).
|
||||
#
|
||||
# Set to one of: On | Off | extended
|
||||
TraceEnable Off
|
||||
#TraceEnable On
|
||||
|
||||
#
|
||||
# Forbid access to version control directories
|
||||
#
|
||||
# If you use version control systems in your document root, you should
|
||||
# probably deny access to their directories. For example, for subversion:
|
||||
#
|
||||
#<DirectoryMatch "/\.svn">
|
||||
# Require all denied
|
||||
#</DirectoryMatch>
|
||||
|
||||
#
|
||||
# Setting this header will prevent MSIE from interpreting files as something
|
||||
# else than declared by the content type in the HTTP headers.
|
||||
# Requires mod_headers to be enabled.
|
||||
#
|
||||
#Header set X-Content-Type-Options: "nosniff"
|
||||
|
||||
#
|
||||
# Setting this header will prevent other sites from embedding pages from this
|
||||
# site as frames. This defends against clickjacking attacks.
|
||||
# Requires mod_headers to be enabled.
|
||||
#
|
||||
#Header set X-Frame-Options: "sameorigin"
|
||||
|
||||
|
||||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
||||
Reference in New Issue
Block a user