https://github.com/amenezes/http_hardening

Puppet module to configure and manage secure http headers on web servers
### Table of Contents

1. [Overview](#overview)
2. [Module Description](#module-description)
3. [Usage](#usage)
   - [Installation](#installation)
   - [Use](#use)
4. [Custom Headers](#custom-headers)
5. [Contact](#contact)

### 1. Overview
---
Puppet module to enable, configure and manage secure http headers on web servers.

### 2. Module Description
---
This module provides an easy way to enable, configure and manage secure
HTTP headers on:
- apache2 (Debian-like distros);
- httpd (RedHat-like distros);
- nginx;
- lighttpd.

Standard options available are:

```puppet
$x_frame_options = 'SAMEORIGIN'
$x_content_type_options = 'nosniff'
$x_xss_protection = '1; mode=block'
$x_robots_tag = ''
$public_key_pins = ''
$strict_transport_security = ''
$content_security_policy = ''
$content_security_policy_report_only = ''
$x_content_security_policy = ''
$x_webkit_csp = ''
```

For more information about secure HTTP headers see:
* [OWASP: Secure Headers Project][1];
* This [article][2] in Brazilian Portuguese (pt_BR).

### 3. Usage
---
#### Installation

```shell
$ puppet module install amenezes-http_hardening
```

#### Use
* Basic usage for apache2 (Debian-like distros) and httpd (RedHat-like distros).
This will enable mod_headers and set the standard secure HTTP headers.

```puppet
class { 'http_hardening':
  apache2 => true,
}
```

```puppet
class { 'http_hardening':
  httpd => true,
}
```

> **note: RedHat-like distro users may need to allow mod_headers under SELinux.**

* Basic usage on nginx.

```puppet
class { 'http_hardening':
  nginx => true,
}
```

* Basic usage on lighttpd.

```puppet
class { 'http_hardening':
  lighttpd => true,
}
```

> **note: mod_setenv will be enabled by default, if not already.**

* Custom configuration on apache2 (Debian-like distros)
or httpd (RedHat-like distros).

```puppet
class { 'http_hardening':
  apache2         => true,
  x_frame_options => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}
```

```puppet
class { 'http_hardening':
  httpd            => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}
```

* Custom configuration on nginx.

```puppet
class { 'http_hardening':
  nginx            => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}
```

* Custom configuration on lighttpd.

```puppet
class { 'http_hardening':
  lighttpd         => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}
```
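Once Puppet has applied one of the manifests above, it is worth confirming that the server really sends the headers. The audit script below is an added example, not part of the module: it checks one response's headers against the module's standard options (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection) and also flags missing or weak Strict-Transport-Security and Content-Security-Policy values, which the module leaves empty by default. The names `audit_headers`, `audit_url`, `MIN_HSTS_AGE` and the two sample responses are constructed for this example.

```python
import re
import http.client
from urllib.parse import urlparse

# Header names and accepted values, matching the module's standard options.
EXPECTED = {
    "x-frame-options": {"SAMEORIGIN", "DENY"},
    "x-content-type-options": {"nosniff"},
    "x-xss-protection": {"1; mode=block"},
}
MIN_HSTS_AGE = 15552000  # 180 days: an audit threshold chosen here, not a module default

def audit_headers(headers):
    """Return a list of findings for one response's headers (empty list means hardened)."""
    # HTTP header names are case-insensitive, so fold them before comparing.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, allowed in EXPECTED.items():
        if name not in h:
            findings.append(f"missing {name}")
        elif h[name] not in allowed:
            findings.append(f"weak {name}: {h[name]!r}")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing strict-transport-security")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if m is None or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append(f"weak strict-transport-security: {hsts!r}")
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing content-security-policy")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append(f"weak content-security-policy: {csp!r}")
    return findings

def audit_url(url):
    """Send one HEAD request over HTTPS and audit the headers returned (needs network)."""
    u = urlparse(url)
    conn = http.client.HTTPSConnection(u.hostname, u.port, timeout=10)
    conn.request("HEAD", u.path or "/")
    findings = audit_headers(dict(conn.getresponse().getheaders()))
    conn.close()
    return findings

# Constructed sample responses: one as the module configures it, one left weak.
HARDENED = {"X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
            "X-XSS-Protection": "1; mode=block", "Content-Security-Policy": "default-src 'self'",
            "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
WEAK = {"X-Frame-Options": "ALLOWALL", "Content-Security-Policy": "default-src * 'unsafe-inline'"}
```

Run `audit_headers(HARDENED)` and `audit_headers(WEAK)` to see the two outcomes offline; `audit_url("https://host.example/")` performs the same check against a live server.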

### 4. Custom Headers

* Custom HTTP Headers configuration on apache2 or httpd.

```puppet
http_hardening::custom_apache { 'custom_config_1':
  custom_param   => 'FilesMatch',
  custom_filter  => '\.(png|ico|jpeg|jpg|gif)$',
  custom_headers => {
    'X-XSS-Protection' => '0',
  }
}
```

```puppet
http_hardening::custom_apache { 'custom_config_2':
  custom_filter  => '\.(js|css)$',
  custom_headers => {
    'P3P' => 'CP=\"CAO PSA OUR\"'
  }
}
```

For more information see the [mod_headers][3] documentation.

* Custom HTTP Headers configuration on lighttpd.

```puppet
http_hardening::custom_lighttpd { 'custom_config_1':
  custom_headers => {
    'X-XSS-Protection' => '0',
  }
}
```

```puppet
http_hardening::custom_lighttpd { 'custom_config_2':
  custom_filter  => '\.(js|css)$',
  custom_headers => {
    'P3P' => 'CP=\"CAO PSA OUR\"'
  }
}
```

### 5. Contact
author: alexandre menezes
twitter: [@ale_menezes][4]

[1]:https://www.owasp.org/index.php?title=OWASP_Secure_Headers_Project
[2]:https://goo.gl/M9vnpk
[3]:https://goo.gl/d5B2hm
[4]:https://www.twitter.com/ale_menezes