docs/conf/extra/httpd-policy.conf.in - httpd - Git at Google

 #
 # Load the module if not already present
 <IfModule !mod_policy.c>
   LoadModule policy_module modules/mod_policy.so
 </IfModule>

 #
 # Typical policy for static content.
 # Swap "enforce" for "log" to complain about violations rather
 # than failing.
 <Location />
   SetOutputFilter POLICY_TYPE;POLICY_LENGTH;POLICY_KEEPALIVE;POLICY_VARY;POLICY_VALIDATION;POLICY_CONDITIONAL;POLICY_NOCACHE;POLICY_MAXAGE

   # content type must be present and valid, but can be anything
   PolicyType enforce */*

   # reject if no explicitly declared content length
   PolicyLength enforce

   # covered by the policy length filter
   PolicyKeepalive ignore

   # reject if User-Agent appears within Vary headers
   PolicyVary enforce User-Agent

   # we want to enforce validation
   PolicyValidation enforce

   # non-functional conditional responses should be rejected
   PolicyConditional enforce

   # no-cache responses should be rejected
   PolicyNocache enforce

   # maxage must be at least a day
   PolicyMaxage enforce 86400

   # request version can be anything
   PolicyVersion ignore HTTP/1.1

   # define documentation links
   PolicyConditionalURL http://httpd.apache.org/docs/trunk/compliance.html#policyconditional
   PolicyLengthURL http://httpd.apache.org/docs/trunk/compliance.html#policylength
   PolicyTypeURL http://httpd.apache.org/docs/trunk/compliance.html#policytype
   PolicyKeepaliveURL http://httpd.apache.org/docs/trunk/compliance.html#policykeepalive
   PolicyMaxageURL http://httpd.apache.org/docs/trunk/compliance.html#policymaxage
   PolicyNocacheURL http://httpd.apache.org/docs/trunk/compliance.html#policynocache
   PolicyValidationURL http://httpd.apache.org/docs/trunk/compliance.html#policyvalidation
   PolicyVaryURL http://httpd.apache.org/docs/trunk/compliance.html#policyvary
   PolicyVersionURL http://httpd.apache.org/docs/trunk/compliance.html#policyversion

 </Location>

 #
 # Server status can be bypassed
 <Location /server-status>
   PolicyFilter off
 </Location>
	#
	# Load the module if not already present
	<IfModule !mod_policy.c>
	LoadModule policy_module modules/mod_policy.so
	</IfModule>

	#
	# Typical policy for static content.
	# Swap "enforce" for "log" to complain about violations rather
	# than failing.
	<Location />
	SetOutputFilter POLICY_TYPE;POLICY_LENGTH;POLICY_KEEPALIVE;POLICY_VARY;POLICY_VALIDATION;POLICY_CONDITIONAL;POLICY_NOCACHE;POLICY_MAXAGE

	# content type must be present and valid, but can be anything
	PolicyType enforce /

	# reject if no explicitly declared content length
	PolicyLength enforce

	# covered by the policy length filter
	PolicyKeepalive ignore

	# reject if User-Agent appears within Vary headers
	PolicyVary enforce User-Agent

	# we want to enforce validation
	PolicyValidation enforce

	# non-functional conditional responses should be rejected
	PolicyConditional enforce

	# no-cache responses should be rejected
	PolicyNocache enforce

	# maxage must be at least a day
	PolicyMaxage enforce 86400

	# request version can be anything
	PolicyVersion ignore HTTP/1.1

	# define documentation links
	PolicyConditionalURL http://httpd.apache.org/docs/trunk/compliance.html#policyconditional
	PolicyLengthURL http://httpd.apache.org/docs/trunk/compliance.html#policylength
	PolicyTypeURL http://httpd.apache.org/docs/trunk/compliance.html#policytype
	PolicyKeepaliveURL http://httpd.apache.org/docs/trunk/compliance.html#policykeepalive
	PolicyMaxageURL http://httpd.apache.org/docs/trunk/compliance.html#policymaxage
	PolicyNocacheURL http://httpd.apache.org/docs/trunk/compliance.html#policynocache
	PolicyValidationURL http://httpd.apache.org/docs/trunk/compliance.html#policyvalidation
	PolicyVaryURL http://httpd.apache.org/docs/trunk/compliance.html#policyvary
	PolicyVersionURL http://httpd.apache.org/docs/trunk/compliance.html#policyversion

	</Location>

	#
	# Server status can be bypassed
	<Location /server-status>
	PolicyFilter off
	</Location>