summaryrefslogtreecommitdiff
path: root/docs/configdiff/bugs/apache
diff options
context:
space:
mode:
Diffstat (limited to 'docs/configdiff/bugs/apache')
-rw-r--r--docs/configdiff/bugs/apache/bugs-apache-config.diff47
1 files changed, 47 insertions, 0 deletions
diff --git a/docs/configdiff/bugs/apache/bugs-apache-config.diff b/docs/configdiff/bugs/apache/bugs-apache-config.diff
new file mode 100644
index 0000000..355b796
--- /dev/null
+++ b/docs/configdiff/bugs/apache/bugs-apache-config.diff
@@ -0,0 +1,47 @@
+diff -urw -X .bugs_etc_ignore orig/etc/apache2/conf-available/security.conf bugs/etc/apache2/conf-available/security.conf
+--- orig/etc/apache2/conf-available/security.conf 2015-11-28 13:59:22.000000000 +0100
++++ bugs/etc/apache2/conf-available/security.conf 2016-05-08 14:04:46.335145675 +0200
+@@ -5,11 +5,11 @@
+ # This currently breaks the configurations that come with some web application
+ # Debian packages.
+ #
+-#<Directory />
+-# AllowOverride None
+-# Order Deny,Allow
+-# Deny from all
+-#</Directory>
++<Directory />
++ AllowOverride None
++ Order Deny,Allow
++ Deny from all
++</Directory>
+
+
+ # Changing the following options will not really affect the security of the
+@@ -61,14 +61,24 @@
+ # else than declared by the content type in the HTTP headers.
+ # Requires mod_headers to be enabled.
+ #
+-#Header set X-Content-Type-Options: "nosniff"
++Header set X-Content-Type-Options: "nosniff"
++
++#
++# Some browsers have a built-in XSS filter that will detect some cross site
++# scripting attacks. By default, these browsers modify the suspicious part of
++# the page and display the result. This behavior can create various problems
++# including new security issues. This header will tell the XSS filter to
++# completely block access to the page instead.
++# Requires mod_headers to be enabled.
++#
++Header set X-XSS-Protection: "1; mode=block"
+
+ #
+ # Setting this header will prevent other sites from embedding pages from this
+ # site as frames. This defends against clickjacking attacks.
+ # Requires mod_headers to be enabled.
+ #
+-#Header set X-Frame-Options: "sameorigin"
++Header set X-Frame-Options: "sameorigin"
+
+
+ # vim: syntax=apache ts=4 sw=4 sts=4 sr noet