Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Enhancement: Harden default reverse proxy configuration to not send it's name and version number to the client.

Browse source
This commit is contained in:
Rolf Schmidt 2020-02-11 17:10:43 +01:00 committed by Thorsten Eckel
parent deaac071cb
commit 7a78645e3b
4 changed files with 20 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
contrib/apache2/zammad.conf
View file

@ -6,6 +6,9 @@
# replace 'localhost' with your fqdn if you want to use zammad from remote # replace 'localhost' with your fqdn if you want to use zammad from remote
ServerName localhost ServerName localhost
# security - prevent information disclosure about server version
ServerTokens Prod
## don't loose time with IP address lookups ## don't loose time with IP address lookups
HostnameLookups Off HostnameLookups Off

9
contrib/apache2/zammad_ssl.conf
View file

@ -9,6 +9,10 @@
<VirtualHost *:80> <VirtualHost *:80>
ServerName example.com ServerName example.com
# security - prevent information disclosure about server version
ServerTokens Prod
Redirect permanent / https://example.com Redirect permanent / https://example.com
</VirtualHost> </VirtualHost>
@ -25,6 +29,9 @@
# replace 'localhost' with your fqdn if you want to use zammad from remote # replace 'localhost' with your fqdn if you want to use zammad from remote
ServerName localhost ServerName localhost
# security - prevent information disclosure about server version
ServerTokens Prod
## don't loose time with IP address lookups ## don't loose time with IP address lookups
HostnameLookups Off HostnameLookups Off
@ -46,7 +53,7 @@
ProxyPass /robots.txt ! ProxyPass /robots.txt !
ProxyPass /ws ws://127.0.0.1:6042/ ProxyPass /ws ws://127.0.0.1:6042/
ProxyPass / http://127.0.0.1:3000/ ProxyPass / http://127.0.0.1:3000/
# Use settings below if proxying does not work and you receive HTTP-Errror 404 # Use settings below if proxying does not work and you receive HTTP-Errror 404
# if you use the settings below, make sure to comment out the above two options # if you use the settings below, make sure to comment out the above two options
# This may not apply to all systems, applies to openSuse # This may not apply to all systems, applies to openSuse

3
contrib/nginx/zammad.conf
View file

@ -16,6 +16,9 @@ server {
# replace 'localhost' with your fqdn if you want to use zammad from remote # replace 'localhost' with your fqdn if you want to use zammad from remote
server_name localhost; server_name localhost;
# security - prevent information disclosure about server version
server_tokens off;
root /opt/zammad/public; root /opt/zammad/public;
access_log /var/log/nginx/zammad.access.log; access_log /var/log/nginx/zammad.access.log;

6
contrib/nginx/zammad_ssl.conf
View file

@ -21,6 +21,9 @@ server {
server_name example.com; server_name example.com;
# security - prevent information disclosure about server version
server_tokens off;
access_log /var/log/nginx/zammad.access.log; access_log /var/log/nginx/zammad.access.log;
error_log /var/log/nginx/zammad.error.log; error_log /var/log/nginx/zammad.error.log;
@ -38,6 +41,9 @@ server {
server_name example.com; server_name example.com;
# security - prevent information disclosure about server version
server_tokens off;
ssl_certificate /etc/nginx/ssl/example.com-fullchain.pem; ssl_certificate /etc/nginx/ssl/example.com-fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/example.com-privkey.pem; ssl_certificate_key /etc/nginx/ssl/example.com-privkey.pem;