feat: harden access security on httpd module configs
All checks were successful
ci / treefmt (push) Successful in 2m36s

This commit is contained in:
Ceferino Patino 2026-06-28 18:39:39 -05:00
commit d3636c7907
Signed by: c4patino
SSH key fingerprint: SHA256:Wu+cU1t+7zVT9wzew/4meNmeulo66NzMqc22MdDBgXI

View file

@ -93,6 +93,10 @@
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set X-Content-Type-Options "nosniff"
RewriteEngine On
ProxyTimeout 300
ProxyPreserveHost On
@ -119,14 +123,27 @@ in {
extraModules = [
"filter"
"headers"
"proxy"
"proxy_http"
"proxy_wstunnel"
"reqtimeout"
"rewrite"
"substitute"
];
extraConfig = ''
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Timeout 30
RequestReadTimeout handshake=5 header=10-20,minrate=500 body=10,minrate=500
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLSessionTickets Off
ErrorDocument 400 /400.html
ErrorDocument 401 /401.html
ErrorDocument 403 /403.html