Difference between revisions of "Hardening"
Latest revision as of 15:00, 4 January 2023
nginx

HTTP Config

/etc/nginx/nginx.conf:

server_tokens off;
    Stop the server from advertising its version in response headers and error pages.

add_header X-Frame-Options SAMEORIGIN always;
    Stop the site from being framed by other sites.

add_header X-Content-Type-Options nosniff;
    Avoid MIME type sniffing by declaring that the MIME types are deliberately configured.

add_header X-XSS-Protection "1; mode=block";
    Block pages from loading when the browser detects a reflected XSS attack.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    Enable HSTS.

Server Config

/etc/nginx/conf.d/wordpress.conf:

location /wp-admin {
    allow 1.2.3.4;
    deny all;
}
    Block access to /wp-admin/ unless the source IP is 1.2.3.4.
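The directives above are spread over two files on this page; the block below is an added example (not content from the wiki) that combines them into one server block so the interaction between them is visible. It assumes a hostname of example.com, certificate paths under /etc/nginx/ssl/, a document root of /var/www/wordpress and the page's placeholder admin address 1.2.3.4; PHP handling is left out. Two practitioner caveats are worth seeing in the config itself: the `always` flag is needed for the headers to be sent on 4xx/5xx responses as well, and nginx drops every server-level `add_header` inside any location that declares its own `add_header`, so a location that adds a header has to repeat the full set.

```nginx
# Added example: hardened server block combining the page's directives.
# Hostname, certificate paths, document root and admin IP are placeholders.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # Do not advertise the nginx version in headers or error pages.
    server_tokens off;

    # "always" sends the header on error responses too, not only 2xx/3xx.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    # HSTS for one year, including every subdomain: only enable once all
    # subdomains are actually reachable over HTTPS, since browsers will
    # refuse plain HTTP to them for the whole max-age.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root /var/www/wordpress;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Restrict the admin area to one source address. This location has no
    # add_header of its own, so the server-level headers above are inherited.
    # If an add_header is ever added here, all four must be repeated in this
    # block, because nginx does not merge add_header across levels.
    location /wp-admin {
        allow 1.2.3.4;   # placeholder admin address from the page
        deny all;
    }
}
```

After reloading, confirm the result from a client with something like `curl -sI https://example.com/` and `curl -sI https://example.com/wp-admin/` from a non-allowed address: the first should show all four headers, the second should return 403 and still carry them, which is what `always` buys you.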