Mercurial > repos > other > Puppet
view modules/apache/templates/httpd.conf.erb @ 106:ef0926ee389a puppet-3.6
Lock down Apache headers for security, based on https://securityheaders.io/
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 14 May 2016 17:10:10 +0100 |
parents | 37675581a273 |
children | 675c1cc61eaf |
line wrap: on
line source
# Security ServerTokens <%= @server_tokens %> ServerSignature <%= scope.function_bool2httpd([@server_signature]) %> TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %> ServerName "<%= @servername %>" ServerRoot "<%= @server_root %>" PidFile <%= @pidfile %> Timeout <%= @timeout %> KeepAlive <%= @keepalive %> MaxKeepAliveRequests <%= @max_keepalive_requests %> KeepAliveTimeout <%= @keepalive_timeout %> User <%= @user %> Group <%= @group %> AccessFileName .htaccess <FilesMatch "^\.ht"> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all denied <%- else -%> Order allow,deny Deny from all Satisfy all <%- end -%> </FilesMatch> <Directory /> Options FollowSymLinks AllowOverride None </Directory> DefaultType none HostnameLookups Off ErrorLog "<%= @logroot %>/<%= @error_log %>" LogLevel <%= @log_level %> EnableSendfile <%= @sendfile %> <%- if @allow_encoded_slashes -%> AllowEncodedSlashes <%= @allow_encoded_slashes %> <%- end -%> #Listen 80 <% if @apxs_workaround -%> # Workaround: without this hack apxs would be confused about where to put # LoadModule directives and fail entire procedure of apache package # installation/reinstallation. This problem was observed on FreeBSD (apache22). #LoadModule fake_module libexec/apache22/mod_fake.so <% end -%> Include "<%= @mod_load_dir %>/*.load" <% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%> Include "<%= @mod_load_dir %>/*.conf" <% end -%> Include "<%= @ports_file %>" LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent <% if @log_formats and !@log_formats.empty? -%> <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> IncludeOptional "<%= @confd_dir %>/*.conf" <%- else -%> Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> IncludeOptional "<%= @vhost_load_dir %>/*" <%- else -%> Include "<%= @vhost_load_dir %>/*" <%- end -%> <% end -%> <% if @error_documents -%> # /usr/share/apache2/error on debian Alias /error/ "<%= @error_documents_path %>/" <Directory "<%= @error_documents_path %>"> AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny Allow from all <%- end -%> LanguagePriority en cs de es fr it nl sv pt-br ro ForceLanguagePriority Prefer Fallback </Directory> ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var ErrorDocument 410 /error/HTTP_GONE.html.var ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var <% end -%>