Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - seravee

Pages: [1]
1
Hi my CWP server is using standard basic security headers (that only I need). Simply you can paste into your httpd.conf file.

Backup httpd.conf
Code: [Select]
cp -p /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf_bak
Adding some syntax
Code: [Select]
vi /usr/local/apache/conf/httpd.conf
Just add these additional lines at the end of lines of your httpd.conf and restart apache to take effects.

Code: [Select]
ServerTokens Prod
ServerSignature Off

FileETag None

Header always append X-Frame-Options SAMEORIGIN

Header set X-XSS-Protection "1; mode=block"

Timeout 90

LoadModule headers_module modules/mod_headers.so
Header set X-Content-Type-Options nosniff

Header set Content-Security-Policy "default-src 'self';"

You can test and see if those lines is working for you.

Pages: [1]