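# Request-size and timeout limits: bound how much a single client can make
# the server hold (large-body / slow-request resource exhaustion).
LimitRequestBody 204800
# Hide version and module details in the Server header and on error pages.
ServerTokens Prod
ServerSignature Off
# TRACE echoes the request (headers and cookies included) back to the client;
# browsers never need it.
TraceEnable Off
# NOTE: MaxClients is an MPM setting (prefork/worker). Apache 2.4 calls it
# MaxRequestWorkers and still accepts the old spelling.
MaxClients 150
TimeOut 200
KeepAliveTimeout 3
LimitRequestFields 60
LimitRequestFieldSize 4094
# Server-side includes and CGI execution stay off unless a narrower scope
# explicitly re-enables them with "+Includes" / "+ExecCGI".
Options -Includes
Options -ExecCGI
#Options -FollowSymLinks
HostnameLookups off
#
# deny from all
#
# Reject any request line that does not end in "HTTP/1.1".
# CAVEAT: this also rejects HTTP/1.0 clients and, if mod_http2 is enabled,
# HTTP/2 requests (THE_REQUEST appears to carry "HTTP/2.0" for those), so
# loosen the pattern before enabling h2.
RewriteEngine ON
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for GIT:
#
# NOTE(review): the two Order/Deny pairs below look like the bodies of
# <Directory>/<DirectoryMatch> containers that are not shown in this excerpt.
# At server scope "Order deny,allow" plus "Deny from all" denies every
# request, so keep them inside their containers. They are mod_access_compat
# (2.2-style) directives; on Apache 2.4 the equivalent is "Require all denied".
Order deny,allow
Deny from all
Order deny,allow
Deny from all
# mod_status handler. NOTE(review): this normally sits inside a <Location>
# container, which is not shown here. With "Deny from all" and no matching
# Allow, nobody can reach it; add an explicit "Allow from" for the monitoring
# host (or enable the basic-auth lines) before relying on it.
SetHandler server-status
#AuthType basic
#AuthName "Apache status"
#AuthUserFile /etc/apache2/conf/server-status_htpasswd
#Require valid-user
Order deny,allow
Deny from all
Allow from none
#
# Setting this header will prevent MSIE from interpreting files as something
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
# Enabled: the rest of this file already depends on mod_headers, so there is
# no reason to leave content-type sniffing allowed.
Header always set X-Content-Type-Options "nosniff"
#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
ExtendedStatus Off
# Strip ETags (inode/size/mtime disclosure) and backend fingerprinting.
Header unset ETag
Header always unset X-Powered-By
FileETag None
# "set" rather than "append": if a backend also emits the header, "append"
# yields "SAMEORIGIN, SAMEORIGIN", which browsers may treat as an invalid or
# conflicting value rather than as SAMEORIGIN.
Header always set X-Frame-Options SAMEORIGIN
#Header set X-XSS-Protection "1; mode=block"
# Mark every Set-Cookie as HttpOnly and Secure. The default (onsuccess) table
# only covers success responses; the "always" form covers the error table
# too, so both are needed. A cookie that already carries the flags gets them
# repeated, which is harmless.
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
# Feature-Policy is the legacy spelling; current browsers read
# Permissions-Policy, so both are sent with the same restrictions.
Header always set Feature-Policy "geolocation 'none'; microphone 'none'; camera 'self';"
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=(self)"
# Fixed: the header is spelled "Referrer-Policy" (double r). The previous
# "Referer-Policy" is not a real header and was ignored by browsers.
Header always set Referrer-Policy "strict-origin"
# TLS 1.2 only. Adding "+TLSv1.3" (and ", TLSv1.3" in the OpenSSL command
# below) requires Apache 2.4.36+ built against OpenSSL 1.1.1+.
SSLProtocol -ALL +TLSv1.2
# +TLSv1.3
SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2"
# , TLSv1.3
# Fixed: the previous list ("...:RC4+RSA:+HIGH:+MEDIUM") explicitly
# re-admitted RC4 and MEDIUM-strength suites. RC4, 3DES and MD5-MAC suites
# are now excluded and the server's preference order is enforced.
SSLCipherSuite HIGH:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:!MD5
SSLHonorCipherOrder on
# HSTS for one year including subdomains; "always" so error responses carry
# it too. "preload" signals eligibility for browser preload lists, and removal
# from those lists is slow, so keep it only once every subdomain is
# HTTPS-only. Belongs in the TLS virtual host; clients ignore HSTS over HTTP.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet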