| # |
| # Load the module if not already present |
| <IfModule !mod_policy.c> |
| LoadModule policy_module modules/mod_policy.so |
| </IfModule> |
| |
| # |
| # Typical policy for static content. |
| # Swap "enforce" for "log" to complain about violations rather |
| # than failing. |
| <Location /> |
| SetOutputFilter POLICY_TYPE;POLICY_LENGTH;POLICY_KEEPALIVE;POLICY_VARY;POLICY_VALIDATION;POLICY_CONDITIONAL;POLICY_NOCACHE;POLICY_MAXAGE |
| |
| # content type must be present and valid, but can be anything |
| PolicyType enforce */* |
| |
| # reject if no explicitly declared content length |
| PolicyLength enforce |
| |
| # covered by the policy length filter |
| PolicyKeepalive ignore |
| |
| # reject if User-Agent appears within Vary headers |
| PolicyVary enforce User-Agent |
| |
| # we want to enforce validation |
| PolicyValidation enforce |
| |
| # non-functional conditional responses should be rejected |
| PolicyConditional enforce |
| |
| # no-cache responses should be rejected |
| PolicyNocache enforce |
| |
| # maxage must be at least a day |
| PolicyMaxage enforce 86400 |
| |
| # request version can be anything |
| PolicyVersion ignore HTTP/1.1 |
| |
| # define documentation links |
| PolicyConditionalURL http://httpd.apache.org/docs/trunk/compliance.html#policyconditional |
| PolicyLengthURL http://httpd.apache.org/docs/trunk/compliance.html#policylength |
| PolicyTypeURL http://httpd.apache.org/docs/trunk/compliance.html#policytype |
| PolicyKeepaliveURL http://httpd.apache.org/docs/trunk/compliance.html#policykeepalive |
| PolicyMaxageURL http://httpd.apache.org/docs/trunk/compliance.html#policymaxage |
| PolicyNocacheURL http://httpd.apache.org/docs/trunk/compliance.html#policynocache |
| PolicyValidationURL http://httpd.apache.org/docs/trunk/compliance.html#policyvalidation |
| PolicyVaryURL http://httpd.apache.org/docs/trunk/compliance.html#policyvary |
| PolicyVersionURL http://httpd.apache.org/docs/trunk/compliance.html#policyversion |
| |
| </Location> |
| |
| # |
| # Server status can be bypassed |
| <Location /server-status> |
| PolicyFilter off |
| </Location> |