/etc/apache2/conf-enabled/security.conf
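# Timeout caps how long Apache waits for I/O on an established connection. The
# Debian default of 300 seconds lets one client hold a worker slot idle for five
# minutes, which is what slow-client DoS (Slowloris-style) abuses. 60 seconds narrows
# that window; a slow-header attack is more directly bounded by mod_reqtimeout's
# RequestReadTimeout (enabled by default on Debian via reqtimeout.conf), which this
# value complements rather than replaces.
Timeout 60
# Send only "Apache" in the Server header, without version or module list
ServerTokens Prod
# Do not append the server version/hostname footer to generated pages (error pages, indexes)
ServerSignature Off
# Refuse TRACE requests (echoes the request back to the client; not needed in production)
TraceEnable Off
# Disable ETag: FileETag None stops Apache generating the inode-based value for
# static files; the Header unset removes any ETag set by another handler.
FileETag None
Header unset ETag
# Remove X-Powered-By header (eg. X-Powered-By: PHP/5.1.2-1+b1). "always" also
# covers the error-response header table, so both directives are needed.
Header always unset "X-Powered-By"
Header unset "X-Powered-By"
# Add HttpOnly and Secure to every Set-Cookie that lacks them. HttpOnly keeps the
# cookie out of reach of injected script (it limits the impact of XSS, it does not
# prevent it); Secure stops the browser sending the cookie over plain HTTP. The
# negative lookahead avoids appending a flag a second time when the application
# already set it, which the original `^(.*)$ $1;HttpOnly;Secure` edit did.
Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header edit Set-Cookie "(?i)^((?:(?!;\s?Secure).)+)$" "$1; Secure"
# Clickjacking protection: only same-origin pages may frame this site.
# (The original wrote the header name as "X-Frame-Options:"; mod_headers tolerates a
# trailing colon, but it is not part of the directive syntax.)
Header set X-Frame-Options "SAMEORIGIN"
# Stop browsers from MIME-sniffing a response into a different content type
Header set X-Content-Type-Options "nosniff"
# Legacy XSS filter toggle. Current browsers have removed this filter, so the header
# only affects old clients; Content-Security-Policy is the maintained control.
Header set X-XSS-Protection "1; mode=block"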
/etc/apache2/sites-enabled/000-default.conf
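RewriteEngine On
# Reject anything that is not HTTP/1.1 (e.g. HTTP/1.0 requests without a Host header).
# THE_REQUEST holds the raw request line, so this also rejects HTTP/2 requests, whose
# request line ends in HTTP/2.0 — widen the pattern before enabling mod_http2.
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]
# Redirect all plain-HTTP requests to HTTPS, except those from one trusted host.
# The address pattern is anchored at both ends: without the trailing "$" the original
# also exempted 192.168.123.10-19 and 192.168.123.100-199. Note that the exempted host
# keeps talking plain HTTP, so cookies marked Secure will not be sent back by it.
RewriteCond %{HTTPS} off
RewriteCond %{REMOTE_ADDR} !^192\.168\.123\.1$
# %{HTTP_HOST} echoes the client-supplied Host header; for a vhost with a fixed
# ServerName and UseCanonicalName On, %{SERVER_NAME} would pin the redirect target.
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]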
see also: