[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, master, updated. debian/2.2.22-3-22-g2c37b11

Stefan Fritsch sf at sfritsch.de
Sun Jun 10 00:02:02 UTC 2012


The following commit has been merged in the master branch:
commit 2c37b11aa240059903e40c9d0c17746386121034
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sun Jun 10 02:01:18 2012 +0200

    Add examples for X-Content-Type-Options and X-Frame-Options
    to conf.d/security.

diff --git a/debian/changelog b/debian/changelog
index 920e2f3..37701db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ apache2 (2.2.22-7) UNRELEASED; urgency=low
   [ Stefan Fritsch ]
   * Allow colons in filenames when using wildcards with "Include".
     Closes: #676610
+  * Add examples for X-Content-Type-Options and X-Frame-Options to
+    conf.d/security.
 
  -- Arno Töll <arno at debian.org>  Wed, 06 Jun 2012 00:10:34 +0200
 
diff --git a/debian/config-dir/conf.d/security b/debian/config-dir/conf.d/security
index 5faf17f..e8dd2ee 100644
--- a/debian/config-dir/conf.d/security
+++ b/debian/config-dir/conf.d/security
@@ -59,3 +59,16 @@ TraceEnable Off
 #	Require all denied
 #</DirectoryMatch>
 
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"

-- 
Debian packaging for apache2 (Apache HTTPD 2.x)



More information about the Pkg-apache-commits mailing list