-
Notifications
You must be signed in to change notification settings - Fork 695
/
Copy pathsource.conf
75 lines (64 loc) · 2.07 KB
/
source.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
ServerName {{ apache_listening_address | default('127.0.0.1') }}
<VirtualHost {{ apache_listening_address | default('127.0.0.1') }}:80>
DocumentRoot /var/www/securedrop/static
Alias /static /var/www/securedrop/static
WSGIDaemonProcess source processes=2 threads=30 display-name=%{GROUP} python-path=/var/www/securedrop
WSGIProcessGroup source
WSGIScriptAlias / /var/www/source.wsgi/
AddType text/html .py
XSendFile Off
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly
Header set Pragma "no-cache"
Header set Expires "-1"
Header always append X-Frame-Options: DENY
Header set X-XSS-Protection: "1; mode=block"
Header set X-Content-Type-Options: nosniff
Header set X-Content-Security-Policy: "default-src 'self'"
Header set X-Download-Options: noopen
Header set Content-Security-Policy: "default-src 'self'"
Header unset Etag
# Limit the max submitted size of requests.
LimitRequestBody 524288000
#Redirect error pages to ensure headers are sent
ErrorDocument 400 /notfound
ErrorDocument 401 /notfound
ErrorDocument 403 /notfound
ErrorDocument 404 /notfound
ErrorDocument 500 /notfound
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /var/www/>
Options {{ apache_dir_options | default('None') }}
AllowOverride None
<Limit GET POST HEAD>
Order allow,deny
allow from {{ apache_allow_from | default('127.0.0.1') }}
</Limit>
<LimitExcept GET POST HEAD>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
<Directory /var/www/securedrop>
Options {{ apache_dir_options | default('None') }}
AllowOverride None
<Limit GET POST HEAD>
Order allow,deny
allow from {{ apache_allow_from | default('127.0.0.1') }}
</Limit>
<LimitExcept GET POST HEAD>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1\.1$
RewriteRule .* - [F]
ErrorLog {{ source_apache_log_location | default('/dev/null') }}
LogLevel {{ apache_logging_level | default('crit') }}
</VirtualHost>