Home Explore Help
Sign In
kolter
/
ansible-playbooks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0754b61c49
Branches Tags
ansible-playboo...
/
roles
/
webserver
/
templates
/
apache2
/
conf.d
/
security.j2

security.j2 2.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. {% if ansible_prolog -%}
    2. 

  2. {% from 'templates/ansible/prolog.j2' import prolog with context %}
    3. 

  3. {{ prolog() }}
    4. 

  4. {% endif -%}
    5. 

  5. #
    6. 

  6. # Disable access to the entire file system except for the directories that
    7. 

  7. # are explicitly allowed later.
    8. 

  8. #
    9. 

  9. # This currently breaks the configurations that come with some web application
    10. 

  10. # Debian packages.
    11. 

  11. #
    12. 

  12. #<Directory />
    13. 

  13. #   AllowOverride None
    14. 

  14. #   Order Deny,Allow
    15. 

  15. #   Deny from all
    16. 

  16. #</Directory>
    17. 

  17. 

  18. 

  19. # Changing the following options will not really affect the security of the
    20. 

  20. # server, but might make attacks slightly more difficult in some cases.
    21. 

  21. 

  22. #
    23. 

  23. # ServerTokens
    24. 

  24. # This directive configures what you return as the Server HTTP response
    25. 

  25. # Header. The default is 'Full' which sends information about the OS-Type
    26. 

  26. # and compiled in modules.
    27. 

  27. # Set to one of:  Full | OS | Minimal | Minor | Major | Prod
    28. 

  28. # where Full conveys the most information, and Prod the least.
    29. 

  29. #
    30. 

  30. #ServerTokens Minimal
    31. 

  31. ServerTokens Prod
    32. 

  32. #ServerTokens Full
    33. 

  33. 

  34. #
    35. 

  35. # Optionally add a line containing the server version and virtual host
    36. 

  36. # name to server-generated pages (internal error documents, FTP directory
    37. 

  37. # listings, mod_status and mod_info output etc., but not CGI generated
    38. 

  38. # documents or custom error documents).
    39. 

  39. # Set to "EMail" to also include a mailto: link to the ServerAdmin.
    40. 

  40. # Set to one of:  On | Off | EMail
    41. 

  41. #
    42. 

  42. #ServerSignature Off
    43. 

  43. ServerSignature Off
    44. 

  44. 

  45. #
    46. 

  46. # Allow TRACE method
    47. 

  47. #
    48. 

  48. # Set to "extended" to also reflect the request body (only for testing and
    49. 

  49. # diagnostic purposes).
    50. 

  50. #
    51. 

  51. # Set to one of:  On | Off | extended
    52. 

  52. #
    53. 

  53. TraceEnable Off
    54. 

  54. #TraceEnable On
    55. 

  55. 

  56. #
    57. 

  57. # Forbid access to version control directories
    58. 

  58. #
    59. 

  59. # If you use version control systems in your document root, you should
    60. 

  60. # probably deny access to their directories. For example, for subversion:
    61. 

  61. #
    62. 

  62. <DirectoryMatch "/\.(svn|git)">
    63. 

  63.     Deny from all
    64. 

  64.     Satisfy all
    65. 

  65. </DirectoryMatch>
    66. 

  66. 

  67. #
    68. 

  68. # Setting this header will prevent MSIE from interpreting files as something
    69. 

  69. # else than declared by the content type in the HTTP headers.
    70. 

  70. # Requires mod_headers to be enabled.
    71. 

  71. #
    72. 

  72. #Header set X-Content-Type-Options: "nosniff"
    73. 

  73. 

  74. #
    75. 

  75. # Some browsers have a built-in XSS filter that will detect some cross site
    76. 

  76. # scripting attacks. By default, these browsers modify the suspicious part of
    77. 

  77. # the page and display the result. This behavior can create various problems
    78. 

  78. # including new security issues. This header will tell the XSS filter to
    79. 

  79. # completely block access to the page instead.
    80. 

  80. # Requires mod_headers to be enabled.
    81. 

  81. #
    82. 

  82. #Header set X-XSS-Protection: "1; mode=block"
    83. 

  83. 

  84. #
    85. 

  85. # Setting this header will prevent other sites from embedding pages from this
    86. 

  86. # site as frames. This defends against clickjacking attacks.
    87. 

  87. # Requires mod_headers to be enabled.
    88. 

  88. #
    89. 

  89. #Header set X-Frame-Options: "sameorigin"
    90.