
Enhancement: Harden default reverse proxy configuration to not send its name and version number to the client.

Rolf Schmidt 5 years ago
parent
commit
7a78645e3b

+ 3 - 0
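--- a/contrib/apache2/zammad.conf
+++ b/contrib/apache2/zammad.conf
@@ -6,6 +6,9 @@
     # replace 'localhost' with your fqdn if you want to use zammad from remote
     ServerName localhost
 
+    # security - prevent information disclosure about server version
+    ServerTokens Prod
+
     ## don't loose time with IP address lookups
     HostnameLookups Off
 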

+ 8 - 1
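--- a/contrib/apache2/zammad_ssl.conf
+++ b/contrib/apache2/zammad_ssl.conf
@@ -9,6 +9,10 @@
 
 <VirtualHost *:80>
     ServerName example.com
+
+    # security - prevent information disclosure about server version
+    ServerTokens Prod
+
     Redirect permanent / https://example.com
 </VirtualHost>
 
@@ -25,6 +29,9 @@
     # replace 'localhost' with your fqdn if you want to use zammad from remote
     ServerName localhost
 
+    # security - prevent information disclosure about server version
+    ServerTokens Prod
+
     ## don't loose time with IP address lookups
     HostnameLookups Off
 
@@ -46,7 +53,7 @@
     ProxyPass /robots.txt !
     ProxyPass /ws ws://127.0.0.1:6042/
     ProxyPass / http://127.0.0.1:3000/
-    
+
     # Use settings below if proxying does not work and you receive HTTP-Errror 404
     # if you use the settings below, make sure to comment out the above two options
     # This may not apply to all systems, applies to openSuse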
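Review bot: In the first hunk `ServerTokens Prod` is placed inside `<VirtualHost *:80>`, but ServerTokens is only valid in the main server config context, so `apachectl configtest` fails with "ServerTokens not allowed here" and the whole file is refused rather than hardened. Set it once in the global config and, for per-vhost hardening at this spot, use `ServerSignature Off`, which is allowed in virtual-host context and removes the version line from Apache-generated error pages. The second hunk repeats the same placement inside a block that starts outside it; the third hunk is whitespace only.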

+ 3 - 0
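--- a/contrib/nginx/zammad.conf
+++ b/contrib/nginx/zammad.conf
@@ -16,6 +16,9 @@ server {
     # replace 'localhost' with your fqdn if you want to use zammad from remote
     server_name localhost;
 
+    # security - prevent information disclosure about server version
+    server_tokens off;
+
     root /opt/zammad/public;
 
     access_log /var/log/nginx/zammad.access.log;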
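Review bot: `server_tokens off;` here only applies to this `server` block, so the default server that answers requests to the bare IP or an unknown Host header, which is where most version scanning lands, presumably still reports the full version unless it is set there too. The `http` context in nginx.conf is the scope that covers every vhost, and is where a global hardening belongs; a per-vhost copy is fine as a fallback but should say so. Note that `off` only drops the version, the `Server: nginx` header is still sent, so a more precise comment is `# security - hide nginx version in Server header and error pages (also set in nginx.conf http{} to cover all vhosts)`. The enclosing server block starts outside this hunk.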

+ 6 - 0
contrib/nginx/zammad_ssl.conf

@@ -21,6 +21,9 @@ server {
 
   server_name example.com;
 
+  # security - prevent information disclosure about server version
+  server_tokens off;
+
   access_log /var/log/nginx/zammad.access.log;
   error_log /var/log/nginx/zammad.error.log;
 
@@ -38,6 +41,9 @@ server {
 
   server_name example.com;
 
+  # security - prevent information disclosure about server version
+  server_tokens off;
+
   ssl_certificate /etc/nginx/ssl/example.com-fullchain.pem;
   ssl_certificate_key /etc/nginx/ssl/example.com-privkey.pem;