2 # Disable access to the entire file system except for the directories that
3 # are explicitly allowed later.
5 # This currently breaks the configurations that come with some web application
14 # Changing the following options will not really affect the security of the
15 # server, but might make attacks slightly more difficult in some cases.
19 # This directive configures what you return as the Server HTTP response
20 # Header. The default is 'Full' which sends information about the OS-Type
21 # and compiled in modules.
22 # Set to one of: Full | OS | Minimal | Minor | Major | Prod
23 # where Full conveys the most information, and Prod the least.
29 # Optionally add a line containing the server version and virtual host
30 # name to server-generated pages (internal error documents, FTP directory
31 # listings, mod_status and mod_info output etc., but not CGI generated
32 # documents or custom error documents).
33 # Set to "EMail" to also include a mailto: link to the ServerAdmin.
34 # Set to one of: On | Off | EMail
41 # Set to "extended" to also reflect the request body (only for testing and
42 # diagnostic purposes).
44 # Set to one of: On | Off | extended
49 # Forbid access to version control directories
51 # If you use version control systems in your document root, you should
52 # probably deny access to their directories. For example, for subversion:
54 #<DirectoryMatch "/\.svn">
59 # Setting this header will prevent MSIE from interpreting files as something
60 # else than declared by the content type in the HTTP headers.
61 # Requires mod_headers to be enabled.
63 #Header set X-Content-Type-Options: "nosniff"
66 # Setting this header will prevent other sites from embedding pages from this
67 # site as frames. This defends against clickjacking attacks.
68 # Requires mod_headers to be enabled.
70 #Header set X-Frame-Options: "sameorigin"
73 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
projects / eostre.git / blob