Fixes #3253 - Remove ServerTokens from apache configurations

This commit is contained in:
Marcel Herrguth 2020-12-30 16:55:31 +01:00 committed by Martin Edenhofer
parent 893acd2656
commit 8c6ac52ef6
2 changed files with 9 additions and 16 deletions

View file

@ -2,13 +2,13 @@
# this is the apache config for zammad
#
# security - prevent information disclosure about server version
ServerTokens Prod
<VirtualHost *:80>
# replace 'localhost' with your fqdn if you want to use zammad from remote
ServerName localhost
# security - prevent information disclosure about server version
ServerTokens Prod
## don't loose time with IP address lookups
HostnameLookups Off

View file

@ -1,18 +1,14 @@
#
# this is an example apache 2.4 config for zammad with free letsencrypt.org ssl certificates
# replace all occurrences of example.com with your domain
# create letsencrypt certificate by: certbot certonly --webroot -w /var/www/html -d www.example.com
# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096
# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl
# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html
# this is an example apache 2.4 config for zammad
# Please visit https://docs.zammad.org for further input on how to configure
# your apache to work with Zammad
#
<VirtualHost *:80>
ServerName example.com
# security - prevent information disclosure about server version
ServerTokens Prod
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com
</VirtualHost>
@ -29,9 +25,6 @@
# replace 'localhost' with your fqdn if you want to use zammad from remote
ServerName localhost
# security - prevent information disclosure about server version
ServerTokens Prod
## don't loose time with IP address lookups
HostnameLookups Off