security.j2 2.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
  1. {% if ansible_prolog -%}
  2. {% from 'templates/ansible/prolog.j2' import prolog with context %}
  3. {{ prolog() }}
  4. {% endif -%}
  5. #
  6. # Disable access to the entire file system except for the directories that
  7. # are explicitly allowed later.
  8. #
  9. # This currently breaks the configurations that come with some web application
  10. # Debian packages.
  11. #
  12. #<Directory />
  13. # AllowOverride None
  14. # Order Deny,Allow
  15. # Deny from all
  16. #</Directory>
  17. # Changing the following options will not really affect the security of the
  18. # server, but might make attacks slightly more difficult in some cases.
  19. #
  20. # ServerTokens
  21. # This directive configures what you return as the Server HTTP response
  22. # Header. The default is 'Full' which sends information about the OS-Type
  23. # and compiled in modules.
  24. # Set to one of: Full | OS | Minimal | Minor | Major | Prod
  25. # where Full conveys the most information, and Prod the least.
  26. #
  27. #ServerTokens Minimal
  28. ServerTokens Prod
  29. #ServerTokens Full
  30. #
  31. # Optionally add a line containing the server version and virtual host
  32. # name to server-generated pages (internal error documents, FTP directory
  33. # listings, mod_status and mod_info output etc., but not CGI generated
  34. # documents or custom error documents).
  35. # Set to "EMail" to also include a mailto: link to the ServerAdmin.
  36. # Set to one of: On | Off | EMail
  37. #
  38. #ServerSignature Off
  39. ServerSignature Off
  40. #
  41. # Allow TRACE method
  42. #
  43. # Set to "extended" to also reflect the request body (only for testing and
  44. # diagnostic purposes).
  45. #
  46. # Set to one of: On | Off | extended
  47. #
  48. TraceEnable Off
  49. #TraceEnable On
  50. #
  51. # Forbid access to version control directories
  52. #
  53. # If you use version control systems in your document root, you should
  54. # probably deny access to their directories. For example, for subversion:
  55. #
  56. <DirectoryMatch "/\.(svn|git)">
  57. Deny from all
  58. Satisfy all
  59. </DirectoryMatch>
  60. #
  61. # Setting this header will prevent MSIE from interpreting files as something
  62. # else than declared by the content type in the HTTP headers.
  63. # Requires mod_headers to be enabled.
  64. #
  65. #Header set X-Content-Type-Options: "nosniff"
  66. #
  67. # Some browsers have a built-in XSS filter that will detect some cross site
  68. # scripting attacks. By default, these browsers modify the suspicious part of
  69. # the page and display the result. This behavior can create various problems
  70. # including new security issues. This header will tell the XSS filter to
  71. # completely block access to the page instead.
  72. # Requires mod_headers to be enabled.
  73. #
  74. #Header set X-XSS-Protection: "1; mode=block"
  75. #
  76. # Setting this header will prevent other sites from embedding pages from this
  77. # site as frames. This defends against clickjacking attacks.
  78. # Requires mod_headers to be enabled.
  79. #
  80. #Header set X-Frame-Options: "sameorigin"