| |
| # |
| # Load the module if not already present |
| <IfModule !mod_policy.c> |
| LoadModule policy_module modules/mod_policy.so |
| </IfModule> |
| |
| # |
| # Typical policy for static content. |
| # Swap "enforce" for "log" to complain about violations rather |
| # than failing. |
| <Location /> |
| SetOutputFilter POLICY_TYPE;POLICY_LENGTH;POLICY_KEEPALIVE;POLICY_VARY;POLICY_VALIDATION;POLICY_CONDITIONAL;POLICY_NOCACHE;POLICY_MAXAGE |
| |
| # content type must be present and valid, but can be anything<br /> |
| PolicyType enforce */*<br /> |
| |
| # reject if no explicitly declared content length<br /> |
| PolicyLength enforce<br /> |
| |
| # covered by the policy length filter<br /> |
| PolicyKeepalive ignore<br /> |
| |
| # reject if User-Agent appears within Vary headers<br /> |
| PolicyVary enforce User-Agent<br /> |
| |
| # we want to enforce validation<br /> |
| PolicyValidation enforce<br /> |
| |
| # non-functional conditional responses should be rejected<br /> |
| PolicyConditional enforce<br /> |
| |
| # no-cache responses should be rejected<br /> |
| PolicyNocache enforce<br /> |
| |
| # maxage must be at least a day<br /> |
| PolicyMaxage enforce 86400<br /> |
| |
| # request version can be anything<br /> |
| PolicyVersion ignore HTTP/1.1<br /> |
| |
| # define documentation links |
| PolicyConditionalURL http://httpd.apache.org/docs/trunk/compliance.html#policyconditional |
| PolicyLengthURL http://httpd.apache.org/docs/trunk/compliance.html#policylength |
| PolicyTypeURL http://httpd.apache.org/docs/trunk/compliance.html#policytype |
| PolicyKeepaliveURL http://httpd.apache.org/docs/trunk/compliance.html#policykeepalive |
| PolicyMaxageURL http://httpd.apache.org/docs/trunk/compliance.html#policymaxage |
| PolicyNocacheURL http://httpd.apache.org/docs/trunk/compliance.html#policynocache |
| PolicyValidationURL http://httpd.apache.org/docs/trunk/compliance.html#policyvalidation |
| PolicyVaryURL http://httpd.apache.org/docs/trunk/compliance.html#policyvary |
| PolicyVersionURL http://httpd.apache.org/docs/trunk/compliance.html#policyversion |
| |
| </Location> |
| |
| # |
| # Server status can be bypassed |
| <Location /server-status> |
| PolicyFilter off |
| </Location> |
| |
| |