Ok, so I've added these 2 lines to the top of my Apache config file:
LoadModule headers_module modules/mod_headers.so
Header set X-Content-Type-Options nosniff
And tried to restart the server. The server doesn't seem to like that first line and won't restart until I remove it. It takes the 2nd line, but I can't see that it's doing anything - I'm not seeing the 'nosniff' listed in the Headers when I look at our pages in Chrome Developer mode.
We're running 7.4...
Thanks
TomH
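
Added example (not part of the thread and not Apache or IBM code): a small Python check for the two headers the audit named, run against a raw response head such as the output of curl -sI. It also audits an error response, because mod_headers applies a Header directive written without the "always" condition only to successful responses. Function names and sample responses are constructed for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # one year, the value quoted in the audit advice

def parse_head(raw):
    """Split a raw response head into (status_code, {lowercased name: [values]})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit(raw, https=True):
    """Return findings for the two audited headers; [] means both are correct."""
    status, h = parse_head(raw)
    findings = []
    xcto = h.get("x-content-type-options", [])
    if [v.lower() for v in xcto] != ["nosniff"]:
        findings.append(f"{status}: X-Content-Type-Options must be one 'nosniff', got {xcto}")
    if not https:
        # Browsers ignore HSTS received over plain HTTP (RFC 6797): check it on HTTPS only.
        return findings
    hsts = h.get("strict-transport-security", [])
    if not hsts:
        findings.append(f"{status}: Strict-Transport-Security missing")
        return findings
    directives = [d.strip().lower() for d in hsts[0].split(";") if d.strip()]
    age = next((re.fullmatch(r'max-age="?(\d+)"?', d)
                for d in directives if d.startswith("max-age")), None)
    if age is None or int(age.group(1)) < MIN_MAX_AGE:
        findings.append(f"{status}: HSTS max-age missing or below {MIN_MAX_AGE}")
    if "includesubdomains" not in directives:
        findings.append(f"{status}: HSTS lacks includeSubDomains")
    return findings

# Constructed sample responses (not captured from the poster's server).
OK_200 = """HTTP/1.1 200 OK
Content-Type: text/html
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""
ERR_404 = """HTTP/1.1 404 Not Found
Content-Type: text/html
"""
```

An empty list from audit() means the response carries both headers as the audit specified; checking a 404 as well as a 200 shows whether the directives reach error pages.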
________________________________
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Tom Hightower <tomh@xxxxxxxxxxx>
Sent: Monday, November 28, 2022 2:24 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: How do I set a couple of HTTP headers?
Thanks! I'll see what I can do with these.
TomH
________________________________
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Brad Stone <bvstone@xxxxxxxxx>
Sent: Wednesday, November 23, 2022 8:51 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: How do I set a couple of HTTP headers?
This may help:
https://httpd.apache.org/docs/2.4/mod/mod_headers.html
A Google search brought up a lot of examples from Stack Overflow, etc. as well.
For the most part the IBM i Apache server is the same as other platforms.
On Wed, Nov 23, 2022 at 8:47 AM Tom Hightower <tomh@xxxxxxxxxxx> wrote:
We're undergoing a web vulnerability audit and we've been advised to set two things:
X-Content-Type-Options:
Apache: Header always set X-Content-Type-Options: nosniff
HTTP Strict-Transport-Security:
Apache: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
How do I set those two headers in the 'standard' Apache config?
Thanks!
TomH
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com/
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.