From d435f29308e0117d9142d4e7a2a70b9c5c125313 Mon Sep 17 00:00:00 2001
From: Keegan McAllister
Date: Fri, 30 Nov 2012 21:08:26 -0500
Subject: [PATCH] Add X-Frame-Options header on nagios, trac, wiki

Prevents clickjacking attacks.
(imported from commit 8b3872e607d8a4e714c280a3226465fde0d5a6ed)
---
 servers/puppet/files/apache/sites/nagios | 1 +
 servers/puppet/files/apache/sites/trac | 1 +
 servers/puppet/files/apache/sites/wiki | 1 +
 3 files changed, 3 insertions(+)
diff --git a/servers/puppet/files/apache/sites/nagios b/servers/puppet/files/apache/sites/nagios
index 6e265f2a35..c814329d34 100644
--- a/servers/puppet/files/apache/sites/nagios
+++ b/servers/puppet/files/apache/sites/nagios
@@ -11,6 +11,7 @@
 SSLCertificateKeyFile /etc/apache2/certs/humbug-self-signed.key
 Header add Strict-Transport-Security "max-age=15768000"
+ Header add X-Frame-Options DENY
 ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
 ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
diff --git a/servers/puppet/files/apache/sites/trac b/servers/puppet/files/apache/sites/trac
index 1a25998b88..1d43c2e5be 100644
--- a/servers/puppet/files/apache/sites/trac
+++ b/servers/puppet/files/apache/sites/trac
@@ -11,6 +11,7 @@
 SSLCertificateKeyFile /etc/apache2/certs/humbug-self-signed.key
 Header add Strict-Transport-Security "max-age=15768000"
+ Header add X-Frame-Options DENY
 Alias /chrome/common /home/humbug/trac/htdocs/common
 Alias /chrome/site /home/humbug/trac/htdocs/site
diff --git a/servers/puppet/files/apache/sites/wiki b/servers/puppet/files/apache/sites/wiki
index c14be76893..7b8cd6e04f 100644
--- a/servers/puppet/files/apache/sites/wiki
+++ b/servers/puppet/files/apache/sites/wiki
@@ -11,6 +11,7 @@
 SSLCertificateKeyFile /etc/apache2/certs/humbug-self-signed.key
 Header add Strict-Transport-Security "max-age=15768000"
+ Header add X-Frame-Options DENY
 RewriteEngine On
 ProxyPreserveHost On
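Review bot: The new `Header add X-Frame-Options DENY` line in the nagios hunk, and the identical lines in the trac and wiki hunks, use `add` with no condition, so mod_headers appends the header alongside any value the application already sends and leaves it off error responses that Apache generates itself. `Header always set X-Frame-Options DENY` replaces rather than appends and also covers those locally generated non-2xx responses; the duplicate-header case matters most for wiki, whose context lines show `ProxyPreserveHost On`, so a proxied backend could send its own value. For nagios specifically, the stock Nagios 3 web interface is, as far as I know, built on an HTML frameset, in which case `DENY` would stop the UI from framing its own pages; `Header always set X-Frame-Options SAMEORIGIN` still blocks cross-origin framing and should be checked against the deployed UI. The enclosing virtual-host block starts and ends outside all three hunks, so any header set elsewhere in these files is not visible here.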