Self Service HTTP Security Headers


Ильяс Утельбаев

Dec 13, 2023, 3:52:57 AM
to RCDevs Security
Hello!
A scanner detected an HTTP Security Headers vulnerability on our self-service page.
How can we tune these settings?

Set proper X-Content-Type-Options and HTTP Strict-Transport Security

X-Content-Type-Options:

Apache: Header always set X-Content-Type-Options: nosniff

HTTP Strict-Transport-Security:

Apache: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Nginx: add_header Strict-Transport-Security max-age=31536000;

Many thanks

Yoann Traut (RCDevs)

Dec 13, 2023, 7:29:02 AM
to RCDevs Security
Hello,

If the problem is on the internal URLs, then it must be changed in the httpd.ini of WebADM.

It can be customized in /opt/webadm/lib/httpd.ini

If the problem is on the public URL, then it must be changed in the httpd.ini of WAProxy.

It can be customized in /opt/waproxy/lib/httpd.ini

Changes in httpd.ini will not survive WebADM/WAProxy upgrades.


Regards

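Added example (not part of the thread and not RCDevs code): because httpd.ini changes are lost on upgrade, a small check that can be re-run on the response headers of the self-service page to confirm both headers from the scanner finding are still present. The function names, the one-year threshold constant and the sample responses are assumptions constructed for illustration.

```python
import re

# Minimum HSTS lifetime: one year, the max-age value quoted in the thread.
MIN_HSTS_MAX_AGE = 31536000

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                           # blank line ends the head
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_security_headers(raw):
    """Return a list of findings; an empty list means both headers are sound."""
    h = parse_headers(raw)
    findings = []
    xcto = h.get("x-content-type-options", [])
    if not xcto:
        findings.append("X-Content-Type-Options missing")
    elif any(v.lower() != "nosniff" for v in xcto):
        findings.append("X-Content-Type-Options is not 'nosniff'")
    hsts = h.get("strict-transport-security", [])
    if not hsts:
        findings.append("Strict-Transport-Security missing")
    else:
        # RFC 6797: if the header is repeated, only the first one is processed.
        m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', hsts[0], re.I)
        if not m:
            findings.append("Strict-Transport-Security has no valid max-age")
        elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("Strict-Transport-Security max-age below one year")
    return findings

# Constructed sample responses (not captured from a real WebADM/WAProxy host).
BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
AFTER = ("HTTP/1.1 200 OK\r\n"
         "X-Content-Type-Options: nosniff\r\n"
         "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")
WEAK = ("HTTP/1.1 200 OK\r\n"
        "X-Content-Type-Options: nosniff\r\n"
        "Strict-Transport-Security: max-age=0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("weak", WEAK)):
        print(label, check_security_headers(raw) or "OK")
```

To check a live page, pass the output of `curl -sI` for your own self-service URL to `check_security_headers`, and repeat the check after each WebADM or WAProxy upgrade.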