Mercurial > repos > other > Puppet
view modules/website/files/zzz-custom.conf @ 106:ef0926ee389a puppet-3.6
Lock down Apache headers for security, based on https://securityheaders.io/
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 14 May 2016 17:10:10 +0100 |
parents | 5d6111879862 |
children |
line wrap: on
line source
SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS DirectoryIndex index.php index.html AddType image/x-icon .ico ExpiresActive On ExpiresByType image/jpeg "access plus 2 weeks" ExpiresByType image/gif "access plus 2 weeks" ExpiresByType image/png "access plus 2 weeks" ExpiresByType text/css "access plus 1 week" ExpiresByType text/javascript "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType application/x-javascript "access plus 1 month" ExpiresByType image/x-icon "access plus 1 month" <ifModule mod_deflate.c> AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript </ifModule> WSGISocketPrefix run/wsgi BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown KeepAlive On KeepAliveTimeout 5 MaxKeepAliveRequests 50 Header unset ETag FileETag None <Location /.hg/> <IfVersion < 2.4> Order Allow,Deny Deny from all </IfVersion> <IfVersion >= 2.4> Require all denied </IfVersion> </Location> <Location /.well-known> <IfVersion < 2.4> Order Deny,Allow Allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> </Location> <FilesMatch "^((\.|~).*|.*(\.(dist|save|swo|swp|php_backup)|~)|backup\..*\.php)$"> <IfVersion < 2.4> Order Allow,Deny Deny from all </IfVersion> <IfVersion >= 2.4> Require all denied </IfVersion> </FilesMatch> # "A man is not dead while his name is still spoken." - Going Postal, Chapter 4 prologue <IfModule headers_module> header set X-Clacks-Overhead "GNU Terry Pratchett" </IfModule> ServerTokens Minor