Difference between revisions of "Hardening"

From 6bit.ch wiki

Revision as of 14:40, 4 January 2023

nginx

HTTP Config

/etc/nginx/nginx.conf:
server_tokens off; - Stop the server from advertising its version
add_header X-Frame-Options SAMEORIGIN always; - Stop the site from being framed by other sites
add_header X-Content-Type-Options nosniff; - Avoid MIME-type sniffing by declaring that the served MIME types are deliberately configured
add_header X-XSS-Protection "1; mode=block"; - Block pages from loading when the browser detects a reflected XSS attack
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - Enable HSTS
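To confirm the directives above actually took effect, the quickest check is to look at what the server sends back. The following Python script is an added example, not part of the 6bit.ch wiki: it parses a raw HTTP response head (the kind of text `curl -i` prints) and reports which of the listed headers are missing or weaker than the wiki's values. The two sample responses are constructed for illustration, not captured from a real host.

```python
"""Audit an HTTP response for the nginx hardening headers listed on this page.

Added example, not from the 6bit.ch wiki. The expected values mirror the
wiki's directives: no version in Server, X-Frame-Options SAMEORIGIN,
X-Content-Type-Options nosniff, X-XSS-Protection "1; mode=block", and an
HSTS policy of at least one year with includeSubDomains.
"""
from typing import Dict, List

HSTS_MIN_AGE = 31536000  # one year, the value the wiki's directive sets

# Constructed sample responses (not captured from a real server).
UNHARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.22.1\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
    "<html>...</html>"
)


def parse_headers(raw: str) -> Dict[str, str]:
    """Split a raw HTTP/1.x response head into a lower-cased header map."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_hsts(value: str) -> Dict[str, str]:
    """Turn 'max-age=N; includeSubDomains' into {'max-age': 'N', 'includesubdomains': ''}."""
    directives: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip().lower()
        if part:
            key, _, val = part.partition("=")
            directives[key.strip()] = val.strip()
    return directives


def audit(raw: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    h = parse_headers(raw)
    findings: List[str] = []

    # server_tokens off: the Server header should read "nginx" with no version.
    server = h.get("server", "")
    if "/" in server:
        findings.append(f"Server header advertises a version: {server!r}")

    # X-Frame-Options SAMEORIGIN (DENY is stricter, so accept it as well).
    if h.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("X-Frame-Options missing or not SAMEORIGIN")

    # X-Content-Type-Options nosniff
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options nosniff missing")

    # X-XSS-Protection "1; mode=block". Current browsers no longer act on this
    # header; it is checked here only because the wiki lists it.
    if h.get("x-xss-protection", "").replace(" ", "").lower() != "1;mode=block":
        findings.append('X-XSS-Protection "1; mode=block" missing')

    # Strict-Transport-Security: max-age of at least one year plus includeSubDomains.
    hsts = parse_hsts(h.get("strict-transport-security", ""))
    try:
        max_age = int(hsts.get("max-age", "0") or "0")
    except ValueError:
        max_age = 0
    if max_age < HSTS_MIN_AGE:
        findings.append(f"HSTS max-age {max_age} is below {HSTS_MIN_AGE}")
    if "includesubdomains" not in hsts:
        findings.append("HSTS includeSubDomains missing")
    return findings


if __name__ == "__main__":
    for label, sample in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(f"{label}: {audit(sample) or 'all checks passed'}")
```

Because the wiki adds `always` only to some directives, it is worth feeding this script the response for a 404 or 500 page as well as a 200: without `always`, nginx omits `add_header` headers from error responses.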

Server Config

location ~ ^/(wp-admin|wp-login\.php) {
    allow 1.2.3.4;
    deny all;
}
Block access to /wp-admin/ and wp-login.php unless the source IP is 1.2.3.4. The `~` prefix makes nginx treat the path as a regular expression; without it the path is matched as a literal prefix and the rule never applies.
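The allow/deny pair only works because nginx evaluates access rules in the order they are written and stops at the first match. The following Python script is an added example, not part of the 6bit.ch wiki: it extracts the allow/deny rules from a location block and evaluates a client address against them the way nginx's access module does (first matching rule wins, no match means allowed), which makes the effect of rule order easy to see. The sample block is the wiki's, reproduced with the `~` regex prefix it needs.

```python
"""Evaluate nginx-style allow/deny rules for a client address.

Added example, not from the 6bit.ch wiki. Models nginx's access module:
rules are checked in written order, the first rule that matches the client
IP decides, and a client that matches no rule is allowed.
"""
import ipaddress
from typing import List, Tuple

Rule = Tuple[str, str]  # ("allow" | "deny", "<ip>" | "<cidr>" | "all")

# The wiki's location block, with the regex prefix nginx requires.
WP_ADMIN_BLOCK = r"""
location ~ ^/(wp-admin|wp-login\.php) {
    allow 1.2.3.4;
    deny all;
}
"""


def parse_rules(block: str) -> List[Rule]:
    """Pull allow/deny directives, in order, out of a location block."""
    rules: List[Rule] = []
    for stmt in block.split(";"):
        parts = stmt.split()
        # The "location ... {" header shares the first statement with the first
        # directive, so look at the last two tokens of each statement.
        if len(parts) >= 2 and parts[-2] in ("allow", "deny"):
            rules.append((parts[-2], parts[-1]))
    return rules


def is_allowed(client_ip: str, rules: List[Rule]) -> bool:
    """First matching rule wins; with no match nginx lets the request through."""
    ip = ipaddress.ip_address(client_ip)
    for verb, target in rules:
        if target == "all":
            matched = True
        else:
            # strict=False accepts "1.2.3.4" as a /32 and networks with host bits set.
            matched = ip in ipaddress.ip_network(target, strict=False)
        if matched:
            return verb == "allow"
    return True


if __name__ == "__main__":
    rules = parse_rules(WP_ADMIN_BLOCK)
    for client in ("1.2.3.4", "1.2.3.5", "2001:db8::1"):
        print(f"{client}: {'allowed' if is_allowed(client, rules) else 'denied'}")
    # Reversing the two rules locks everyone out, including 1.2.3.4.
    print("reversed order:", is_allowed("1.2.3.4", list(reversed(rules))))
```

One caveat when using this rule on a real deployment: nginx compares the address of the TCP peer, so behind a reverse proxy or CDN every request appears to come from the proxy and the allowlist must be combined with nginx's realip module to recover the client address.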