
Correction ServerTokens

develop
Teddy Cornaut 6ヶ月前
コミット
567923ce25
3個のファイルの変更75行の追加1行の削除
  1. 1
    0
      dicos/61_pve.xml
  2. 74
    0
      tmpl/mse-apache-security.conf
  3. 0
    1
      tmpl/msebundle-apache.conf

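--- a/dicos/61_pve.xml
+++ b/dicos/61_pve.xml
@@ -19,6 +19,7 @@
         <file filelist='mse-apache' name='/etc/apache2/sites-available/mse.conf' source='msebundle-apache.conf' mkdir='True' rm='True'/>
         <file filelist='mse-apache' name='/etc/apache2/mods-available/mpm_event.conf' mkdir='True' rm='True'/>
         <file filelist='mse-apache' name='/etc/apache2/mods-available/mpm_worker.conf' mkdir='True' rm='True'/>
+        <file filelist='mse-apache' name='/etc/apache2/conf-available/security.conf' source='mse-apache-security.conf' mkdir='True' rm='True'/>
         <file filelist='mse-apache' name='/etc/php/5.6/fpm/pool.d/mse.conf' source='mse-fpm.conf' mkdir='True' rm='True'/>
         <file filelist='mse-apache-revproxy' name='/etc/apache2/mods-available/remoteip.conf' source='mse-apache-remoteip.conf' mkdir='True' rm='True'/>
 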

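--- a/tmpl/mse-apache-security.conf
+++ b/tmpl/mse-apache-security.conf
@@ -0,0 +1,74 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+#   AllowOverride None
+#   Require all denied
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+#ServerTokens OS
+#ServerTokens Full
+ServerTokens Prod
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of:  On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+#   Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet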
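Review bot: `ServerSignature On` at line 37 of the new file still puts a footer with the server product and the virtual host name on server-generated pages, which undercuts the `ServerTokens Prod` setting this file is introduced for. I would swap the two lines so that `ServerSignature Off` is the active one. The `Header set X-Content-Type-Options` and `Header set X-Frame-Options` lines (64 and 71) are left commented out; if mod_headers is loaded on these hosts they can be enabled, though that is not visible from this commit. The file is installed under conf-available, so it presumably takes effect only where that conf is enabled, which is worth confirming because the same commit removes `ServerTokens Prod` from the vhost template.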

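--- a/tmpl/msebundle-apache.conf
+++ b/tmpl/msebundle-apache.conf
@@ -1,7 +1,6 @@
 <VirtualHost *:80>
     ServerName %%pvebundle_domain
     ServerAlias %%pvebundle_alias
-    ServerTokens Prod
 
     TimeOut %%mseTimeout
     ProxyTimeout %%mseProxyTimeout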
