[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, next, updated. debian/2.4.2-2-22-ga6839a0

[Stefan Fritsch]

The following commit has been merged in the next branch:
commit a6839a0d8e29e44f01711ff800f12b1628ccd3dc
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sun Jun 10 02:01:18 2012 +0200

    Add examples for X-Content-Type-Options and X-Frame-Options
    to conf.d/security.

diff --git a/debian/changelog b/debian/changelog
index b17f65b..bf0e832 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.4.2-3) UNRELEASED; urgency=low
+
+  * Add examples for X-Content-Type-Options and X-Frame-Options to
+    security.conf.
+
+ -- Stefan Fritsch <sf at debian.org>  Sun, 10 Jun 2012 02:11:47 +0200
+
 apache2 (2.4.2-2) experimental; urgency=low
 
   [ Stefan Fritsch ]
diff --git a/debian/config-dir/conf-available/security.conf b/debian/config-dir/conf-available/security.conf
index 7fd21c1..599333b 100644
--- a/debian/config-dir/conf-available/security.conf
+++ b/debian/config-dir/conf-available/security.conf
@@ -56,4 +56,19 @@ TraceEnable Off
 #   Require all denied
 #</DirectoryMatch>
 
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

-- 
Debian packaging for apache2 (Apache HTTPD 2.x)