docs/conf/extra/httpd-policy.conf.in - httpd - Git at Google


 #
 # Load the module if not already present
 <IfModule !mod_policy.c>
   LoadModule policy_module modules/mod_policy.so
 </IfModule>

 #
 # Typical policy for static content.
 # Swap "enforce" for "log" to complain about violations rather
 # than failing.
 <Location />
   SetOutputFilter POLICY_TYPE;POLICY_LENGTH;POLICY_KEEPALIVE;POLICY_VARY;POLICY_VALIDATION;POLICY_CONDITIONAL;POLICY_NOCACHE;POLICY_MAXAGE

   # content type must be present and valid, but can be anything<br />
   PolicyType enforce */*<br />

   # reject if no explicitly declared content length<br />
   PolicyLength enforce<br />

   # covered by the policy length filter<br />
   PolicyKeepalive ignore<br />

   # reject if User-Agent appears within Vary headers<br />
   PolicyVary enforce User-Agent<br />

   # we want to enforce validation<br />
   PolicyValidation enforce<br />

   # non-functional conditional responses should be rejected<br />
   PolicyConditional enforce<br />

   # no-cache responses should be rejected<br />
   PolicyNocache enforce<br />

   # maxage must be at least a day<br />
   PolicyMaxage enforce 86400<br />

   # request version can be anything<br />
   PolicyVersion ignore HTTP/1.1<br />

   # define documentation links
   PolicyConditionalURL http://httpd.apache.org/docs/trunk/compliance.html#policyconditional
   PolicyLengthURL http://httpd.apache.org/docs/trunk/compliance.html#policylength
   PolicyTypeURL http://httpd.apache.org/docs/trunk/compliance.html#policytype
   PolicyKeepaliveURL http://httpd.apache.org/docs/trunk/compliance.html#policykeepalive
   PolicyMaxageURL http://httpd.apache.org/docs/trunk/compliance.html#policymaxage
   PolicyNocacheURL http://httpd.apache.org/docs/trunk/compliance.html#policynocache
   PolicyValidationURL http://httpd.apache.org/docs/trunk/compliance.html#policyvalidation
   PolicyVaryURL http://httpd.apache.org/docs/trunk/compliance.html#policyvary
   PolicyVersionURL http://httpd.apache.org/docs/trunk/compliance.html#policyversion

 </Location>

 #
 # Server status can be bypassed
 <Location /server-status>
   PolicyFilter off
 </Location>

	#
	# Load the module if not already present
	<IfModule !mod_policy.c>
	LoadModule policy_module modules/mod_policy.so
	</IfModule>

	#
	# Typical policy for static content.
	# Swap "enforce" for "log" to complain about violations rather
	# than failing.
	<Location />
	SetOutputFilter POLICY_TYPE;POLICY_LENGTH;POLICY_KEEPALIVE;POLICY_VARY;POLICY_VALIDATION;POLICY_CONDITIONAL;POLICY_NOCACHE;POLICY_MAXAGE

	# content type must be present and valid, but can be anything<br />
	PolicyType enforce /<br />

	# reject if no explicitly declared content length<br />
	PolicyLength enforce<br />

	# covered by the policy length filter<br />
	PolicyKeepalive ignore<br />

	# reject if User-Agent appears within Vary headers<br />
	PolicyVary enforce User-Agent<br />

	# we want to enforce validation<br />
	PolicyValidation enforce<br />

	# non-functional conditional responses should be rejected<br />
	PolicyConditional enforce<br />

	# no-cache responses should be rejected<br />
	PolicyNocache enforce<br />

	# maxage must be at least a day<br />
	PolicyMaxage enforce 86400<br />

	# request version can be anything<br />
	PolicyVersion ignore HTTP/1.1<br />

	# define documentation links
	PolicyConditionalURL http://httpd.apache.org/docs/trunk/compliance.html#policyconditional
	PolicyLengthURL http://httpd.apache.org/docs/trunk/compliance.html#policylength
	PolicyTypeURL http://httpd.apache.org/docs/trunk/compliance.html#policytype
	PolicyKeepaliveURL http://httpd.apache.org/docs/trunk/compliance.html#policykeepalive
	PolicyMaxageURL http://httpd.apache.org/docs/trunk/compliance.html#policymaxage
	PolicyNocacheURL http://httpd.apache.org/docs/trunk/compliance.html#policynocache
	PolicyValidationURL http://httpd.apache.org/docs/trunk/compliance.html#policyvalidation
	PolicyVaryURL http://httpd.apache.org/docs/trunk/compliance.html#policyvary
	PolicyVersionURL http://httpd.apache.org/docs/trunk/compliance.html#policyversion

	</Location>

	#
	# Server status can be bypassed
	<Location /server-status>
	PolicyFilter off
	</Location>