2 # Disable access to the entire file system except for the directories that
3 # are explicitly allowed later.
5 # This currently breaks the configurations that come with some web application
15 # Changing the following options will not really affect the security of the
16 # server, but might make attacks slightly more difficult in some cases.
20 # This directive configures what you return as the Server HTTP response
21 # Header. The default is 'Full' which sends information about the OS-Type
22 # and compiled in modules.
23 # Set to one of: Full | OS | Minimal | Minor | Major | Prod
24 # where Full conveys the most information, and Prod the least.
30 # Optionally add a line containing the server version and virtual host
31 # name to server-generated pages (internal error documents, FTP directory
32 # listings, mod_status and mod_info output etc., but not CGI generated
33 # documents or custom error documents).
34 # Set to "EMail" to also include a mailto: link to the ServerAdmin.
35 # Set to one of: On | Off | EMail
42 # Set to "extended" to also reflect the request body (only for testing and
43 # diagnostic purposes).
45 # Set to one of: On | Off | extended
50 # Forbid access to version control directories
52 # If you use version control systems in your document root, you should
53 # probably deny access to their directories. For example, for subversion:
55 #<DirectoryMatch "/\.svn">
60 # Setting this header will prevent MSIE from interpreting files as something
61 # else than declared by the content type in the HTTP headers.
62 # Requires mod_headers to be enabled.
64 #Header set X-Content-Type-Options: "nosniff"
67 # Setting this header will prevent other sites from embedding pages from this
68 # site as frames. This defends against clickjacking attacks.
69 # Requires mod_headers to be enabled.
71 #Header set X-Frame-Options: "sameorigin"
74 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet