[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, master, updated. debian/2.2.22-3-22-g2c37b11
Stefan Fritsch
sf at sfritsch.de
Sun Jun 10 00:02:02 UTC 2012
The following commit has been merged in the master branch:
commit 2c37b11aa240059903e40c9d0c17746386121034
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sun Jun 10 02:01:18 2012 +0200
Add examples for X-Content-Type-Options and X-Frame-Options
to conf.d/security.
diff --git a/debian/changelog b/debian/changelog
index 920e2f3..37701db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ apache2 (2.2.22-7) UNRELEASED; urgency=low
[ Stefan Fritsch ]
* Allow colons in filenames when using wildcards with "Include".
Closes: #676610
+ * Add examples for X-Content-Type-Options and X-Frame-Options to
+ conf.d/security.
-- Arno Töll <arno at debian.org> Wed, 06 Jun 2012 00:10:34 +0200
diff --git a/debian/config-dir/conf.d/security b/debian/config-dir/conf.d/security
index 5faf17f..e8dd2ee 100644
--- a/debian/config-dir/conf.d/security
+++ b/debian/config-dir/conf.d/security
@@ -59,3 +59,16 @@ TraceEnable Off
# Require all denied
#</DirectoryMatch>
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
--
Debian packaging for apache2 (Apache HTTPD 2.x)
More information about the Pkg-apache-commits
mailing list