Adding a configuration parameter csp-options that, when set, adds a Content-Security-Policy header to the apache configuration. This header can prevent or minimize the risk of certain types of security threats by placing restrictions on the things the web page's code can do. Closes-Bug: #2118835 Change-Id: I06f0b1c2787fa56460e5a196d3ca07c0a85c14e3 Signed-off-by: Jorge Merlino <jorge.merlino@canonical.com>
# Plain-HTTP virtual host rendered from a Jinja2 template. The values
# http_port, enforce_ssl and csp_options come from the template context.
<VirtualHost *:{{ http_port }}>

    # When enforce_ssl is set, every request on this port is answered with a
    # permanent (301) redirect to the https:// URL for the same host and path.
    # The redirect target is built from the request's Host header.
    {% if enforce_ssl %}
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    {% endif %}

    ServerAdmin webmaster@localhost

    DocumentRoot /var/www

    # Filesystem root: symlinks may be followed, .htaccess files are ignored.
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    # Document root. "Indexes" lets mod_autoindex generate a directory listing
    # where no index file exists.
    # NOTE(review): confirm that listings under /var/www are intended.
    # Order/allow are the Apache 2.2 access-control directives; on Apache 2.4
    # they are provided by mod_access_compat.
    # NOTE(review): confirm that module is enabled on the target release.
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    # CGI programs: execution is enabled, content negotiation is off, and
    # symlinks are followed only when link and target have the same owner.
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    KeepAliveTimeout 75
    MaxKeepAliveRequests 1000

    # Response security headers. "Header set" without a condition works on the
    # onsuccess table only, so responses Apache generates itself with a non-2xx
    # status (the 301 above, error pages) are sent without these headers.
    # NOTE(review): if they are wanted on every response, "Header always set"
    # is the usual form; check first whether the application sets the same
    # header, because the two tables are merged and duplicates can result.
    # X-Frame-Options limits framing of these pages to the same origin.
    Header set X-Frame-Options: "sameorigin"

    # Optional Content-Security-Policy. The csp_options value is written
    # verbatim between the double quotes below, so a double quote or a line
    # break inside it changes how Apache parses this file.
    # NOTE(review): presumably the value is validated before rendering;
    # confirm against the code that fills the template context.
    # NOTE(review): this is the plain-HTTP virtual host. With enforce_ssl set,
    # every request here is redirected, so the policy has to be present on the
    # TLS virtual host as well (not part of this file) to reach browsers.
    {% if csp_options %}
    Header set Content-Security-Policy "{{ csp_options }}"
    {% endif %}
</VirtualHost>