[eostre.git] / drupal-configs / shopserver / apache2 / conf-available / security.conf

#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages.
#
#<Directory />
#   AllowOverride None
#   Order Deny,Allow
#   Deny from all
#</Directory>


# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
ServerTokens OS
#ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#ServerSignature Off
ServerSignature On

#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of:  On | Off | extended
TraceEnable Off
#TraceEnable On

#
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for subversion:
#
#<DirectoryMatch "/\.svn">
#   Require all denied
#</DirectoryMatch>

#
# Setting this header will prevent MSIE from interpreting files as something
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
#Header set X-Content-Type-Options: "nosniff"

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Commit	Line	Data
436d9fbf	1	#
	2	# Disable access to the entire file system except for the directories that
	3	# are explicitly allowed later.
	4	#
	5	# This currently breaks the configurations that come with some web application
	6	# Debian packages.
	7	#
	8	#<Directory />
	9	# AllowOverride None
	10	# Order Deny,Allow
	11	# Deny from all
	12	#</Directory>
	13
	14
	15	# Changing the following options will not really affect the security of the
	16	# server, but might make attacks slightly more difficult in some cases.
	17
	18	#
	19	# ServerTokens
	20	# This directive configures what you return as the Server HTTP response
	21	# Header. The default is 'Full' which sends information about the OS-Type
	22	# and compiled in modules.
	23	# Set to one of: Full \| OS \| Minimal \| Minor \| Major \| Prod
	24	# where Full conveys the most information, and Prod the least.
	25	#ServerTokens Minimal
	26	ServerTokens OS
	27	#ServerTokens Full
	28
	29	#
	30	# Optionally add a line containing the server version and virtual host
	31	# name to server-generated pages (internal error documents, FTP directory
	32	# listings, mod_status and mod_info output etc., but not CGI generated
	33	# documents or custom error documents).
	34	# Set to "EMail" to also include a mailto: link to the ServerAdmin.
	35	# Set to one of: On \| Off \| EMail
	36	#ServerSignature Off
	37	ServerSignature On
	38
	39	#
	40	# Allow TRACE method
	41	#
	42	# Set to "extended" to also reflect the request body (only for testing and
	43	# diagnostic purposes).
	44	#
	45	# Set to one of: On \| Off \| extended
	46	TraceEnable Off
	47	#TraceEnable On
	48
	49	#
	50	# Forbid access to version control directories
	51	#
	52	# If you use version control systems in your document root, you should
	53	# probably deny access to their directories. For example, for subversion:
	54	#
	55	#<DirectoryMatch "/\.svn">
	56	# Require all denied
	57	#</DirectoryMatch>
	58
	59	#
	60	# Setting this header will prevent MSIE from interpreting files as something
	61	# else than declared by the content type in the HTTP headers.
	62	# Requires mod_headers to be enabled.
	63	#
	64	#Header set X-Content-Type-Options: "nosniff"
65
66	#
67	# Setting this header will prevent other sites from embedding pages from this
68	# site as frames. This defends against clickjacking attacks.
69	# Requires mod_headers to be enabled.
70	#
71	#Header set X-Frame-Options: "sameorigin"
72
73
74	# vim: syntax=apache ts=4 sw=4 sts=4 sr noet