X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=conf.d%2Fsecurity;fp=conf.d%2Fsecurity;h=37206182f28b60ecd551ad77e805ef8f1ca8781d;hb=c4d64a3e3a7122472181fe57f9726008f7af5eea;hp=0000000000000000000000000000000000000000;hpb=8bf9b16023e2774f943e420d5cb0a65d72f500ab;p=sysconfig%2Fapache2.git diff --git a/conf.d/security b/conf.d/security new file mode 100644 index 0000000..3720618 --- /dev/null +++ b/conf.d/security @@ -0,0 +1,51 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# +# +# AllowOverride None +# Order Deny,Allow +# Deny from all +# + + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +# +#ServerTokens Minimal +ServerTokens OS +#ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +#ServerSignature Off +ServerSignature On + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +# +TraceEnable Off +#TraceEnable On +