view modules/website/files/zzz-custom.conf @ 106:ef0926ee389a puppet-3.6

Lock down Apache headers for security, based on https://securityheaders.io/
author IBBoard <dev@ibboard.co.uk>
date Sat, 14 May 2016 17:10:10 +0100
parents 5d6111879862
children

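# TLS protocol and cipher policy.
# SSLv2/SSLv3 are disabled on every version.  On 2.4+ (mod_version is already
# relied on by the <IfVersion> blocks further down) TLS 1.0 and 1.1 are disabled
# as well: both are deprecated, and 2.4 is the branch that reliably understands
# the TLSv1.1/TLSv1.2 protocol tokens.  The 2.2 branch keeps the original list.
<IfVersion >= 2.4>
    SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</IfVersion>
<IfVersion < 2.4>
    SSLProtocol ALL -SSLv2 -SSLv3
</IfVersion>
# Let the server, not the client, pick the suite so the forward-secret
# ECDHE/DHE entries listed first are preferred.
SSLHonorCipherOrder On
# AES-only list: GCM suites first, then CBC; anonymous, MD5 and DSS suites are
# excluded.  The trailing RSA+AESGCM / RSA+AES entries are the only
# non-forward-secret suites left — NOTE(review): drop them once no client still
# needs plain RSA key exchange.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS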

# For a directory request, serve index.php first and fall back to index.html.
DirectoryIndex index.php index.html

# Give favicons an explicit MIME type; the ExpiresByType image/x-icon rule
# below keys on it.
AddType image/x-icon .ico

# Client-side caching hints (mod_expires), keyed on response Content-Type.
# Images are cached for two weeks, CSS for one, script and icons for a month.
# NOTE(review): a month-long lifetime on CSS/JS assumes the site cache-busts
# asset URLs on change; otherwise clients keep stale (possibly vulnerable)
# script for up to a month — confirm with the site's asset pipeline.
ExpiresActive On
ExpiresByType image/jpeg "access plus 2 weeks"
ExpiresByType image/gif "access plus 2 weeks"
ExpiresByType image/png "access plus 2 weeks"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"

# Gzip text-like responses when mod_deflate is loaded; image and other
# already-compressed types are deliberately left out.
# NOTE(review): compressing text/html that mixes a per-session secret (e.g. a
# CSRF token) with attacker-influenced content is the precondition for the
# BREACH attack.  Confirm dynamic pages either avoid that combination or
# mitigate it (per-request token masking, or no DEFLATE on those responses).
<ifModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/plain
	AddOutputFilterByType DEFLATE text/html
	AddOutputFilterByType DEFLATE text/xml
	AddOutputFilterByType DEFLATE text/css
	AddOutputFilterByType DEFLATE text/javascript
	AddOutputFilterByType DEFLATE application/xml
	AddOutputFilterByType DEFLATE application/xhtml+xml
	AddOutputFilterByType DEFLATE application/rss+xml
	AddOutputFilterByType DEFLATE application/javascript
	AddOutputFilterByType DEFLATE application/x-javascript
</ifModule>

# Prefix (relative to ServerRoot) for the UNIX sockets mod_wsgi daemon
# processes listen on.  Unlike the mod_deflate/mod_headers blocks in this file
# this is not guarded by <IfModule>, so httpd will refuse to start if mod_wsgi
# is not loaded — presumably intentional for this host; verify.
WSGISocketPrefix run/wsgi

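# Work-arounds for ancient clients that mishandle HTTP/1.1 keep-alive.
BrowserMatch "Mozilla/2"       nokeepalive
BrowserMatch "MSIE 4\.0b2;"    nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0"       force-response-1.0
BrowserMatch "JDK/1\.0"        force-response-1.0
# ssl-unclean-shutdown makes mod_ssl close the TLS connection without a
# close_notify alert, which removes the client's protection against a
# truncated response.  Only IE 2-5 ever needed it (the upstream ssl.conf
# default is "MSIE [2-5]"), so match those rather than every "MSIE" user
# agent, which also covered IE 6-10.
SetEnvIf User-Agent "MSIE [2-5]" nokeepalive ssl-unclean-shutdown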

# Persistent connections stay on, but a 5 s idle timeout and a 50-request cap
# bound how long a single idle client can hold a worker.
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 50

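# Disable ETags.  Apache's default ETag is derived from file metadata (on 2.2
# it includes the inode number), which leaks filesystem details to clients.
# FileETag None stops the core from generating one; the Header unset strips
# any that another module adds.  Header needs mod_headers, so guard it the
# same way the X-Clacks-Overhead block below is guarded instead of making
# startup depend on the module being loaded.
<IfModule headers_module>
    Header unset ETag
</IfModule>
FileETag None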


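# Never serve Mercurial metadata.  A plain <Location /.hg/> only covers a
# checkout at the document root; this regex also denies /.hg itself (no
# trailing slash) and any nested checkout such as /site/.hg/hgrc, while
# leaving plain files like /.hgignore to the dot-file FilesMatch rule below.
<LocationMatch "^/(.*/)?\.hg(/|$)">
    <IfVersion < 2.4>
        Order Allow,Deny
        Deny from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all denied
    </IfVersion>
</LocationMatch>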
# Re-open /.well-known (RFC 5785), e.g. for ACME HTTP challenges.
# NOTE(review): <Location> sections are merged after <Directory>/<Files>
# sections, so this grant also overrides the dot-file FilesMatch denial below
# for anything beneath /.well-known.  Confirm nothing sensitive lives there,
# or narrow this to the sub-path actually needed (e.g.
# /.well-known/acme-challenge) if that is its only use.
<Location /.well-known>
    <IfVersion < 2.4>
	Order Deny,Allow
	Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
</Location>
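# Deny editor and backup artefacts that tend to appear next to live code:
#   - anything starting with "." or "~"
#   - anything ending in "~" or in .dist/.save/.swo/.swp/.php_backup
#     (extended with the equally common .bak/.orig/.old/.rej)
#   - backup.*.php
# Such files are frequently served with the wrong handler and disclose source.
# FilesMatch only looks at the final path component, so dot-*directories* are
# not covered here (the .hg rule above handles Mercurial); and because a later
# <Location> grant overrides this, the /.well-known section is exempt.
<FilesMatch "^((\.|~).*|.*(\.(dist|save|swo|swp|php_backup|bak|orig|old|rej)|~)|backup\..*\.php)$">
    <IfVersion < 2.4>
        Order Allow,Deny
        Deny from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all denied
    </IfVersion>
</FilesMatch>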

# "A man is not dead while his name is still spoken." - Going Postal, Chapter 4 prologue
# Tribute header only; it has no security function.
# NOTE(review): this is the only response header set in this file, yet the
# commit message says it locks down headers per securityheaders.io.  The
# hardening headers that implies (X-Frame-Options, X-Content-Type-Options,
# Strict-Transport-Security, ...) are not here — confirm they are set in
# another file or vhost.  Also, plain "Header set" is not applied to non-2xx
# responses; "Header always set" would be needed for those.
<IfModule headers_module>
	header set X-Clacks-Overhead "GNU Terry Pratchett"
</IfModule>

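# Send only "Apache" in the Server header (and SERVER_SOFTWARE).  "Minor"
# still advertised the major.minor version, which is exactly what scanners
# use to select version-specific checks; "Prod" is the least httpd will
# disclose.  ServerSignature, which adds the same banner to generated error
# pages, is not set in this file — its default is Off, confirm it stays so.
ServerTokens Prod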