Posted to users@httpd.apache.org by David Mehler <da...@gmail.com> on 2018/05/07 01:08:31 UTC
[users@httpd] sanity check
Hello,
Can someone look at this file snippet and give me a sanity check on it?
This is for Apache 2.4, and I'm thinking something might not be right
with it. It looks like I've got some similar, near similar, and
duplicate lines, will this impact performance?
Thanks.
Dave.
<IfModule mod_headers.c>
Header unset ETag
FileETag None
Header unset Server
Header always set X-Content-Type-Options "nosniff"
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Content-Security-Policy: "default-src 'self' 'unsafe-inline' ; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' ; font-src 'self' ; connect-src 'self' ; media-src 'self' ; object-src 'self' ; child-src 'self' ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; "
Header set X-Frame-Options DENY
Header set Cache-Control:public, max-age=31536000
Header always set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
Header append Referrer-Policy: no-referrer-when-downgrade
Header always unset "X-Powered-By"
Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>
TraceEnable off
# Deploy Content Security Policy CSP
<IfModule mod_headers.c>
Header set X-Content-Security-Policy "default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';"
Header set Content-Security-Policy "default-src 'self'; script-src 'self';"
</IfModule>
# mod_evasive module
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300
DOSEmailNotify webmaster@domain.com
DOSWhitelist 127.0.0.1
DOSLogDir "/var/log/mod_evasive"
DOSSystemCommand '/sbin/pfctl -t evasive -T add %s'
</IfModule>
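
Added example, not part of the original post: a small Python check for the question asked above, listing response headers that more than one Header directive writes (with each directive's always/onsuccess condition) and header-name tokens that have text fused after the colon. Assumptions: shlex approximates Apache's argument quoting, and SAMPLE is an excerpt of the posted directives with the CSP values shortened.

```python
import shlex
from collections import defaultdict

# Actions that write a response header; unset/edit/echo/note are not counted here.
WRITERS = {"set", "append", "add", "merge", "setifempty"}
CONDITIONS = {"always", "onsuccess"}

# Constructed input: excerpt of the posted config, one directive per line, CSP values shortened.
SAMPLE = """\
Header always set X-Content-Type-Options "nosniff"
Header always append X-Frame-Options SAMEORIGIN
Header always set Content-Security-Policy: "default-src 'self' 'unsafe-inline'"
Header set X-Frame-Options DENY
Header set Cache-Control:public, max-age=31536000
Header set Content-Security-Policy "default-src 'self'; script-src 'self';"
"""

def parse(conf):
    """Yield (lineno, condition, action, header_token) for each Header directive."""
    for n, line in enumerate(conf.splitlines(), 1):
        tok = shlex.split(line, comments=True)  # assumption: shell-like quoting
        if len(tok) < 3 or tok[0].lower() != "header":
            continue
        args = tok[1:]
        # The condition is optional; onsuccess is the documented default.
        cond = args.pop(0).lower() if args[0].lower() in CONDITIONS else "onsuccess"
        if len(args) >= 2:
            yield n, cond, args[0].lower(), args[1]

def lint(conf):
    """Return (repeated, fused): headers written more than once, name tokens with text after ':'."""
    writers, fused = defaultdict(list), []
    for n, cond, action, token in parse(conf):
        name, sep, rest = token.partition(":")
        if sep and rest:  # e.g. "Cache-Control:public," -> probably a missing space
            fused.append((n, token))
        if action in WRITERS:
            writers[name.lower()].append((n, cond, action))
    repeated = {h: w for h, w in writers.items() if len(w) > 1}
    return repeated, fused

if __name__ == "__main__":
    repeated, fused = lint(SAMPLE)
    for header, hits in sorted(repeated.items()):
        print(header, "written by:", ", ".join(f"line {n} ({c} {a})" for n, c, a in hits))
    for n, token in fused:
        print(f"line {n}: value text fused to header name: {token!r}")
```

mod_headers keeps separate header tables for the always and onsuccess conditions, which is why the condition is reported next to each hit.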