]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commitdiff
projects / people / pmueller / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f451d46)
prevent IE from interpreting HTML MIME type
authorPeter Müller <peter.mueller@link38.eu>
Sun, 3 Dec 2017 17:10:47 +0000 (18:10 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 16 Dec 2017 12:16:12 +0000 (12:16 +0000)
Add X-Content-Type-Options header to prevent Internet Explorer
from interpreting the MIME type of a server answer on its own,
which could lead to security risks.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/httpd/vhosts.d/captive.conf patch | blob | blame | history
config/httpd/vhosts.d/ipfire-interface-ssl.conf patch | blob | blame | history
config/httpd/vhosts.d/ipfire-interface.conf patch | blob | blame | history

diff --git a/config/httpd/vhosts.d/captive.conf b/config/httpd/vhosts.d/captive.conf
index e4e1d78f1c76c461f7018c715a0651a93e205e29..e71a26081ef2a11edafdad053910f37acaab9cd5 100644 (file)
--- a/config/httpd/vhosts.d/captive.conf
+++ b/config/httpd/vhosts.d/captive.conf
@@ -9,6 +9,8 @@ Listen 1013
        # code was entered.
        KeepAlive Off
 
+       Header always set X-Content-Type-Options nosniff
+
        ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/captive/
        Alias /assets/ /srv/web/ipfire/html/captive/assets/
 
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index dacf6a005f87f0c250bb388d05796011de7ed062..c5d8ffba9efdcfe0651e8cb6e0ebfe9257fa75cd 100644 (file)
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -3,10 +3,12 @@
     RewriteEngine on
     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
     RewriteRule .* - [F]
+
     DocumentRoot /srv/web/ipfire/html
     ServerAdmin root@localhost
     ErrorLog /var/log/httpd/error_log
     TransferLog /var/log/httpd/access_log
+
     SSLEngine on
     SSLProtocol all -SSLv2 -SSLv3
     SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA
@@ -18,6 +20,8 @@
     SSLCertificateFile /etc/httpd/server-ecdsa.crt
     SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
 
+    Header always set X-Content-Type-Options nosniff
+
     <Directory /srv/web/ipfire/html>
         Options ExecCGI
         AllowOverride None
diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf
index be15cd041cf274905e73532452907085d6ba904a..5c7ddc7197cbb1a0dcb9cf513d86a9510ef36cfa 100644 (file)
--- a/config/httpd/vhosts.d/ipfire-interface.conf
+++ b/config/httpd/vhosts.d/ipfire-interface.conf
@@ -6,6 +6,8 @@
     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
     RewriteRule .* - [F]
 
+    Header always set X-Content-Type-Options nosniff
+
     <Directory /srv/web/ipfire/html>
         Options ExecCGI
         AllowOverride None
Peter's tree of IPFire 2.x