Raastech Blog: Apache hardening

Friday, September 29, 2017

Apache hardening

Don't forget to add these to your Apache (or OHS) configuration in httpd.conf:

Header set X-XSS-Protection "l;mode=block"Header set Content-Security-Policy "default-src *;"Header set X-Content-Type-Options "nosniff"Header set Cache-Control "no-store"Header set X-Frame-Options SAMEORIGIN

Happy hardening!

Applicable Versions

Apache
Oracle HTTP Server (OHS) 11g/12c

No comments:

Raastech Blog

What you find here, most likely you won't find elsewhere.

The Raastech Blog has unique posts that are meant to share our experiences, provide resolutions to both simple and complex problems, and share our technical knowledge with the community.

We focus on Oracle Fusion Middleware technologies such as Oracle SOA Suite, Oracle Application Integration Architecture (AIA), Oracle Data Integrator (ODI), Oracle WebLogic Server, Oracle Web Services Manager (OWSM), Oracle Service Bus (OSB), WebCenter, and more.