github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/containers/ddev-webserver/ddev-webserver-base-files/etc/apache2/conf-available/security.conf (about)

     1  #
     2  # Disable access to the entire file system except for the directories that
     3  # are explicitly allowed later.
     4  #
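     5  # This currently breaks the configurations that come with some web application
     6  # Debian packages. The example uses Apache 2.2 access syntax (Order/Deny), which
     7  # needs mod_access_compat on Apache 2.4; the 2.4 form is "Require all denied".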
     8  #<Directory />
     9  #   AllowOverride None
    10  #   Order Deny,Allow
    11  #   Deny from all
    12  #</Directory>
    13  
    14  
    15  # Changing the following options will not really affect the security of the
    16  # server, but might make attacks slightly more difficult in some cases.
    17  
    18  #
    19  # ServerTokens
    20  # This directive configures what you return as the Server HTTP response
    21  # Header. The default is 'Full' which sends information about the OS-Type
    22  # and compiled in modules.
    23  # Set to one of:  Full | OS | Minimal | Minor | Major | Prod
    24  # where Full conveys the most information, and Prod the least. The active value below, OS, still sends the full Apache version and the OS type on every response; Prod sends only the product name.
    25  #ServerTokens Minimal
    26  ServerTokens OS
    27  #ServerTokens Full
    28  
    29  #
    30  # Optionally add a line containing the server version and virtual host
    31  # name to server-generated pages (internal error documents, FTP directory
    32  # listings, mod_status and mod_info output etc., but not CGI generated
    33  # documents or custom error documents).
    34  # Set to "EMail" to also include a mailto: link to the ServerAdmin.
    35  # Set to one of:  On | Off | EMail (On is active below, so that footer line is shown to clients; Off suppresses it)
    36  #ServerSignature Off
    37  ServerSignature On
    38  
    39  #
    40  # Allow TRACE method (disabled below)
    41  # TRACE echoes the received request back to the client; with Off the server answers TRACE with 405 Method Not Allowed.
    42  # Set to "extended" to also reflect the request body (only for testing and
    43  # diagnostic purposes).
    44  #
    45  # Set to one of:  On | Off | extended
    46  TraceEnable Off
    47  #TraceEnable On
    48  
    49  #
    50  # Forbid access to version control directories
    51  #
    52  # If you use version control systems in your document root, you should
    53  # probably deny access to their directories. For example, for subversion
    54  # (the same pattern with "/\.git" covers git working copies):
    55  #<DirectoryMatch "/\.svn">
    56  #   Require all denied
    57  #</DirectoryMatch>
    58  
    59  #
    60  # Setting this header will prevent MSIE from interpreting files as something
    61  # other than what is declared by the content type in the HTTP headers.
    62  # Requires mod_headers to be enabled.
    63  #
    64  #Header set X-Content-Type-Options: "nosniff"
    65  
    66  #
    67  # Setting this header will prevent other sites from embedding pages from this
    68  # site as frames. This defends against clickjacking attacks.
    69  # Requires mod_headers to be enabled.
    70  #
    71  #Header set X-Frame-Options: "sameorigin"
    72  
    73  
    74  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet