[SCM] Debian packaging for apache2 branch, master, updated. debian/2.2.22-3-38-g771cf9d
Stefan Fritsch
sf at sfritsch.de
Sat Jun 23 15:42:15 UTC 2012
The following commit has been merged in the master branch:
commit 771cf9de50b9f56068b84f379000deb7669696d6
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sat Jun 23 17:37:44 2012 +0200
Add example for X-XSS-Protection to conf.d/security.
diff --git a/debian/changelog b/debian/changelog
index deb76f6..b5bfe58 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ apache2 (2.2.22-8) UNRELEASED; urgency=medium
* CVE-2012-2687: mod_negotiation: Escape filenames in variant list to prevent
a possible XSS for a site where untrusted users can upload files to a
location with MultiViews enabled.
+ * Add example for X-XSS-Protection to conf.d/security.
[ Arno Töll ]
* Fix "contradictory comment in /etc/apache2/apache2.conf about the
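Review bot: the new changelog line "Add example for X-XSS-Protection to conf.d/security." does not say that the example ships commented out. The conf.d/security hunk adds it as "#Header set X-XSS-Protection: ...", so a few extra words such as "(commented out)" would tell admins reading the changelog that the upgrade changes no runtime behaviour.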
diff --git a/debian/config-dir/conf.d/security b/debian/config-dir/conf.d/security
index 483e482..b0d4622 100644
--- a/debian/config-dir/conf.d/security
+++ b/debian/config-dir/conf.d/security
@@ -68,6 +68,16 @@ TraceEnable Off
#Header set X-Content-Type-Options: "nosniff"
#
+# Some browsers have a built-in XSS filter that will detect some cross site
+# scripting attacks. By default, these browsers the the suspicious part of
+# the page and display the result. This behavior can create various problems
+# including new security issues. This header will tell the XSS filter to
+# completely block access to the page instead.
+# Requires mod_headers to be enabled.
+#
+#Header set X-XSS-Protection: "1; mode=block"
+
+#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
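Review bot: the second added comment line, "By default, these browsers the the suspicious part of", has a doubled "the" where the verb should be, so the comment never states what the filter does by default. Reword it to name the action, for example "these browsers remove the suspicious part of the page and display the result". The following sentence says this behaviour "can create various problems including new security issues" without naming any; one concrete pointer there would help an admin decide whether to uncomment the header.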
--
Debian packaging for apache2