X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fapache2%2Ffiles%2Fsecurity;h=70ab0f96725d9db9a300e8e00c532b8451e7c2c1;hb=836eff39ec561176cd00cc2d7b4e66e9668a25ee;hp=da8525a92a2617ea5bd45f59aed2750e574b0316;hpb=3eb533e5499e66423bafdedaf6c7d08ead1772de;p=mirror%2Fdsa-puppet.git
diff --git a/modules/apache2/files/security b/modules/apache2/files/security
index da8525a92..70ab0f967 100644
--- a/modules/apache2/files/security
+++ b/modules/apache2/files/security
@@ -1,19 +1,14 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
-# Debian packages. It will be made the default for the release after lenny.
+# Debian packages.
#
#
-# AllowOverride None
-# Order Deny,Allow
-# Deny from all
+# AllowOverride None
+# Order Deny,Allow
+# Deny from all
#
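Review bot: The re-indented template lines `# Order Deny,Allow` and `# Deny from all` are still Apache 2.2 access-control syntax, while the block this commit adds at the end of the file uses the 2.4 form `Require all denied`. On a 2.4 server the legacy directives only work with mod_access_compat loaded, so anyone uncommenting this deny-by-default template would be relying on that module; replacing the two lines with `# Require all denied` keeps the file consistent. The enclosing directory tags are not visible in this view, so check their form in the file itself. The removed "under Puppet control" banner is also worth keeping in short form, e.g. `## Managed by Puppet - local edits will be overwritten`, since the path suggests the file is still deployed from the module.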
@@ -27,9 +22,9 @@
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
-#
#ServerTokens Minimal
ServerTokens ProductOnly
+#ServerTokens Full
#
# Optionally add a line containing the server version and virtual host
@@ -38,7 +33,6 @@ ServerTokens ProductOnly
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
-#
#ServerSignature Off
ServerSignature On
@@ -49,7 +43,32 @@ ServerSignature On
# diagnostic purposes).
#
# Set to one of: On | Off | extended
-#
TraceEnable Off
#TraceEnable On
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#
+# Require all denied
+#
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
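Review bot: Both added `Header set` lines are commented out, so after this change the file still sends neither X-Content-Type-Options nor X-Frame-Options, and the only hardening directives in effect are the existing `ServerTokens` and `TraceEnable` settings. If the headers are meant to be enforced, enable them as `Header always set X-Content-Type-Options "nosniff"` and `Header always set X-Frame-Options "sameorigin"`. The `always` condition also applies them to server-generated error responses, which plain `set` does not cover. Wrapping the pair in an `<IfModule mod_headers.c>` section would keep hosts without the module from failing the config check. The version-control example names only subversion and its enclosing match tags are not visible here; since this tree is itself a git repository, it is worth confirming that the pattern also covers `.git` directories.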