Posted to users@httpd.apache.org by David Mehler <da...@gmail.com> on 2018/05/07 01:08:31 UTC

[users@httpd] sanity check

Hello,

Can someone look at this file snippet and give me a sanity check on it?
This is for Apache 2.4, and I'm thinking something might be not right
with it. It looks like I've got some similar, near similar, and
duplicate lines. Will this impact performance?

Thanks.
Dave.

<IfModule mod_headers.c>
Header unset ETag
FileETag None
Header unset Server
    Header always set X-Content-Type-Options "nosniff"
         Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Content-Security-Policy: "default-src 'self'
'unsafe-inline' ; script-src 'self' ; style-src 'self' 'unsafe-inline'
; img-src 'self' ; font-src 'self' ; connect-src 'self' ; media-src
'self' ; object-src 'self' ; child-src 'self' ; frame-ancestors 'none'
; form-action 'self' ; upgrade-insecure-requests;
block-all-mixed-content; reflected-xss block; "
    Header set X-Frame-Options DENY
         Header set Cache-Control:public, max-age=31536000
Header always set Strict-Transport-Security: "max-age=31536000;
includeSubDomains; preload"
Header append Referrer-Policy: no-referrer-when-downgrade
Header always unset "X-Powered-By"
Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>
TraceEnable off

# Deploy Content Security Policy CSP
<IfModule mod_headers.c>
Header set X-Content-Security-Policy "default-src 'self'; img-src
'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src
'self' 'unsafe-inline'; connect-src 'self';"
Header set Content-Security-Policy "default-src 'self'; script-src 'self';"
</IfModule>

# mod_evasive module
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   300
DOSEmailNotify webmaster@domain.com
DOSWhitelist	127.0.0.1
DOSLogDir		"/var/log/mod_evasive"
DOSSystemCommand '/sbin/pfctl -t evasive -T add %s'
</IfModule>

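
A small lint for the kind of overlap asked about above, as an added example that is not part of the original post: it lists header names touched by more than one Header directive and whether they span both the "always" table and the default "onsuccess" table, which mod_headers keeps separately, so a name set in both can be sent twice. The sample config is constructed from single-line versions of the posted directives, and the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed sample: single-line directives shortened from the posted file.
SAMPLE = """\
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always append X-Frame-Options SAMEORIGIN
Header always set Content-Security-Policy: "default-src 'self'"
Header set X-Frame-Options DENY
</IfModule>
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self'; script-src 'self';"
</IfModule>
"""

ACTIONS = set("add append echo edit edit* merge set setifempty unset note".split())

def parse_headers(conf):
    """Yield (lineno, table, action, name, value) for each Header directive."""
    for lineno, line in enumerate(conf.splitlines(), 1):
        try:
            tok = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quote, e.g. a mail-wrapped line
            continue
        if len(tok) < 3 or tok[0].lower() != "header":
            continue
        rest, table = tok[1:], "onsuccess"  # onsuccess is the default table
        if rest[0].lower() in ("always", "onsuccess"):
            table, rest = rest[0].lower(), rest[1:]
        if len(rest) < 2 or rest[0].lower() not in ACTIONS:
            continue
        # The header name may carry a final colon; compare without it.
        name = rest[1].rstrip(":").lower()
        yield lineno, table, rest[0].lower(), name, " ".join(rest[2:])

def lint(conf):
    """Return (name, kind, line numbers) for headers touched more than once."""
    seen = defaultdict(list)
    for lineno, table, _action, name, _value in parse_headers(conf):
        seen[name].append((lineno, table))
    findings = []
    for name, uses in seen.items():
        if len(uses) > 1:
            kind = "both-tables" if len({t for _, t in uses}) > 1 else "repeated"
            findings.append((name, kind, [n for n, _ in uses]))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```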