githubFork/roundcubemail.git

Move commented mod_headers settings to the end of the file

Aleksander Machniak

2016-05-09 bf19fe2d1aaa3ca390b9175d3e1d17070e166843

commit \| author \| age
4c7a98	1	# AddDefaultCharset UTF-8
0d1dd7	2	AddType text/x-component .htc
ef9641	3
34942e	4	<IfModule mod_php5.c>
4c7a98	5	php_flag display_errors Off
AM	6	php_flag log_errors On
	7	# php_value error_log logs/errors
aaa6ac	8
93e12f	9	php_value upload_max_filesize 5M
AM	10	php_value post_max_size 6M
4c7a98	11	php_value memory_limit 64M
aaa6ac	12
4c7a98	13	php_flag register_globals Off
AM	14	php_flag zlib.output_compression Off
	15	php_flag magic_quotes_gpc Off
	16	php_flag magic_quotes_runtime Off
	17	php_flag suhosin.session.encrypt Off
aaa6ac	18
4c7a98	19	#php_value session.cookie_path /
e2bcea	20	#php_value session.hash_function sha256
4c7a98	21	php_flag session.auto_start Off
AM	22	php_value session.gc_maxlifetime 21600
	23	php_value session.gc_divisor 500
	24	php_value session.gc_probability 1
34942e	25	</IfModule>
4e17e6	26
34942e	27	<IfModule mod_rewrite.c>
0b9b9f	28	Options +FollowSymLinks
34942e	29	RewriteEngine On
aff970	30	RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
88934b	31
2dade1	32	# security rules:
AM	33	# - deny access to files not containing a dot or starting with a dot
	34	# in all locations except installer directory
1c2aad	35	RewriteRule ^(?!installer\|\.well-known\/\|[a-zA-Z0-9]{16})(\.?[^\.]+)$ - [F]
2dade1	36	# - deny access to some locations
AM	37	RewriteRule ^/?(\.git\|\.tx\|SQL\|bin\|config\|logs\|temp\|tests\|program\/(include\|lib\|localization\|steps)) - [F]
	38	# - deny access to some documentation files
fd0583	39	RewriteRule /?(README\.md\|composer\.json-dist\|composer\.json\|package\.xml\|Dockerfile)$ - [F]
e3f427	40	</IfModule>
cb3ea1	41
d7f49d	42	<IfModule mod_deflate.c>
T	43	SetOutputFilter DEFLATE
	44	</IfModule>
	45
bf19fe	46	<IfModule mod_expires.c>
AM	47	ExpiresActive On
	48	ExpiresDefault "access plus 1 month"
	49	</IfModule>
	50
	51	FileETag MTime Size
	52
	53	<IfModule mod_autoindex.c>
	54	Options -Indexes
	55	</ifModule>
	56
d7f49d	57	<IfModule mod_headers.c>
T	58	# replace 'append' with 'merge' for Apache version 2.2.9 and later
832890	59	#Header append Cache-Control public env=!NO_CACHE
7b4f71	60
R	61	# Optional security header
	62	# Only increased security if the browser support those features
	63	# Be careful! Testing is required! They should be adusted to your intallation / user environment
	64
	65	# HSTS - HTTP Strict Transport Security
	66	#Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
	67
	68	# HPKP - HTTP Public Key Pinning
	69	# Only template - fill with your values
	70	#Header always set Public-Key-Pins "max-age=3600; report-uri=\"\"; pin-sha256=\"\"; pin-sha256=\"\"" env=HTTPS
	71
	72	# X-Xss-Protection
	73	# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit).
	74	#Header set X-XSS-Protection "1; mode=block"
	75
	76	# X-Frame-Options
	77	# The X-Frame-Options header (RFC), or XFO header, protects your visitors against clickjacking attacks
	78	# Already set by php code! Do not activate both options
	79	#Header set X-Frame-Options SAMEORIGIN
	80
	81	# X-Content-Type-Options
	82	# It prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.
	83	#Header set X-Content-Type-Options: "nosniff"
	84
	85	# CSP - Content Security Policy
348c53	86	# for better privacy/security ask browsers to not set the Referer
7b4f71	87	# more flags for script, stylesheets and images available, read RFC for more information
348c53	88	#Header set Content-Security-Policy "referrer no-referrer"
d7f49d	89	</IfModule>