# --- Information disclosure -------------------------------------------------
# Send only "Server: Apache" (no version or module list) and omit the server
# footer line from generated error and index pages.
ServerTokens Prod
ServerSignature Off

# Refuse the HTTP TRACE method, which echoes the request back to the client.
TraceEnable Off

# --- Request size limits ----------------------------------------------------
# 204800 bytes = 200 KiB maximum request body. Larger uploads are rejected,
# so raise this in a narrower <Directory>/<Location> where uploads are needed.
LimitRequestBody 204800
# At most 60 header fields per request, each at most 4094 bytes.
LimitRequestFields 60
LimitRequestFieldSize 4094

# --- Connection handling ----------------------------------------------------
# Cap on simultaneously served requests.
MaxClients 150
# Seconds to wait on network I/O before giving up on a request.
TimeOut 200
# Seconds an idle keep-alive connection is held open; a short value limits
# how long idle clients can occupy a worker.
KeepAliveTimeout 3

# Turn off server-side includes and CGI execution wherever this file applies.
Options -Includes -ExecCGI
#Options -FollowSymLinks

# Do not perform a reverse DNS lookup for each client connection.
HostnameLookups off

# Method allow-list, currently disabled.
# NOTE(review): UPDATE is not a standard HTTP method (PATCH may have been
# intended); confirm the list before enabling this section.
# <LimitExcept POST GET PUT UPDATE DELETE>
# deny from all
# </LimitExcept>

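# Answer 403 Forbidden to any request whose request line does not end in
# "HTTP/1.1". The dot is escaped so it matches a literal "." only; unescaped
# it matched any character in that position.
# Side effect: HTTP/1.0 clients are refused, and so are HTTP/2 requests if
# mod_http2 is enabled -- confirm that this is intended.
# NOTE(review): mod_rewrite rules set at server level are not inherited by
# <VirtualHost> sections unless RewriteOptions Inherit is used there; verify
# where this file is included.
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1\.1$
RewriteRule .* - [F]
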
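# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for GIT:
#
# An exposed .git directory lets a client download repository objects and
# rebuild the source tree, including any credentials committed to it.
# Uses the Apache 2.4 authorization directive (this file already relies on
# 2.4-only SSLOpenSSLConfCmd); the former "Order deny,allow / Deny from all"
# pair only works when mod_access_compat is loaded.
# The pattern is a prefix match, so sibling names such as ".github" are
# denied as well.
<DirectoryMatch "^/.*/\.git">
	Require all denied
</DirectoryMatch>
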
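# Never serve PHP error logs: they can reveal file paths, queries and stack
# traces. The pattern is unanchored, so any file name containing
# "php_error_log" is denied.
# "Require all denied" is the Apache 2.4 form of the former
# "Order deny,allow / Deny from all", which needs mod_access_compat.
<FilesMatch "php_error_log">
	Require all denied
</FilesMatch>
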
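# mod_status page: registered but closed to every client.
# The previous rule set ended in "Allow from none". "none" is not a keyword
# for Allow; it is read as a (partial) host name, which triggers reverse DNS
# lookups and would admit a client whose verified host name matched it.
# "Require all denied" states the intent directly.
# To open the page for monitoring, replace it with a narrow rule such as
# "Require local", or enable the Basic authentication lines below.
<Location /server-status>
	SetHandler server-status
	#AuthType basic
	#AuthName "Apache status"
	#AuthUserFile /etc/apache2/conf/server-status_htpasswd
	#Require valid-user
	Require all denied
</Location>
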
#
# Setting this header prevents MSIE from interpreting files as anything
# other than the content type declared in the HTTP headers.
# Requires mod_headers to be enabled.
#
#Header set X-Content-Type-Options: "nosniff"

#
# Setting this header prevents other sites from embedding pages from this
# site in frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"

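# Do not collect per-request detail for mod_status.
ExtendedStatus Off

# No ETags: do not generate them for static files, and strip any that a
# handler adds.
FileETag None
Header unset ETag

# Hide the application framework banner. mod_headers keeps two header tables
# ("onsuccess", the default, and "always"); a header set by a module or
# backend lives in only one of them, so it is removed from both.
Header unset X-Powered-By
Header always unset X-Powered-By
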
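# Clickjacking defence: pages may only be framed by this origin.
# "set" replaces the former "append". With append, a value already set in
# this table would be merged into a comma-joined list, which browsers do not
# all parse consistently.
Header always set X-Frame-Options SAMEORIGIN
# Legacy header; current browsers no longer implement the XSS filter it
# controlled, so it is left disabled.
#Header set X-XSS-Protection "1; mode=block"
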
# Append the HttpOnly and Secure attributes to every Set-Cookie header.
# - Secure cookies are never sent over plain HTTP, so this assumes the site
#   is served over HTTPS only.
# - The attributes are appended unconditionally, so a cookie that already
#   carries them ends up with duplicates.
# - No SameSite attribute is added here.
# NOTE(review): this edits the default (onsuccess) header table only. Cookies
# emitted by CGI or proxied backends may sit in the "always" table and would
# not be rewritten -- verify against the deployed application.
Header edit Set-Cookie "^(.*)$" "$1;HttpOnly;Secure"

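# Restrict powerful browser features: geolocation and microphone disabled,
# camera allowed for this origin only.
# Feature-Policy has been renamed Permissions-Policy, with a different value
# syntax. Both are sent so that older and current browsers apply the same
# restrictions.
Header set Feature-Policy: "geolocation 'none'; microphone 'none'; camera 'self';"
Header set Permissions-Policy: "geolocation=(), microphone=(), camera=(self)"

# Send only the origin as referrer, and nothing on an HTTPS -> HTTP downgrade.
# The response header is spelled "Referrer-Policy" (double r). The former
# "Referer-Policy" is not a recognised header, so no policy was applied.
Header set Referrer-Policy: "strict-origin"
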
# Protocol versions: TLS 1.2 only. SSLv3, TLS 1.0 and TLS 1.1 are disabled.
# To offer TLS 1.3 as well, add the commented token to each directive.
SSLProtocol -ALL +TLSv1.2
# +TLSv1.3

# The same restriction passed straight to OpenSSL. It must stay in step with
# SSLProtocol above.
SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2"
# , TLSv1.3

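# Cipher suites for TLS 1.2 and below: OpenSSL's HIGH class only, with
# unauthenticated (aNULL), unencrypted (eNULL), MD5, RC4 and 3DES suites
# excluded.
# The previous list started from ALL and explicitly re-added RC4+RSA and the
# MEDIUM class, which left broken and weak ciphers negotiable.
# Check the effective list with `openssl ciphers -v '<string>'` on the
# target host, since the HIGH class depends on the OpenSSL build.
SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
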
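# HSTS: browsers use HTTPS only for this host and all subdomains for one year
# (31536000 s). "always" adds the header to error and redirect responses too,
# not only to successful ones.
# includeSubDomains and preload are hard to undo once browsers have cached or
# preloaded the policy, so every subdomain must be HTTPS-capable before
# deployment. Send this header on HTTPS virtual hosts only.
Header always set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload;"

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet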