Blacksly/security

## security
#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages.
#
#<Directory />
#       AllowOverride None
#       Order Deny,Allow
#       Deny from all
#</Directory>


# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Minimal
ServerTokens OS
#ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
#ServerSignature Off
#ServerSignature On

#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of:  On | Off | extended
#
TraceEnable Off
#TraceEnable On

#
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for subversion:
#
#<DirectoryMatch "/\.svn">
#       Deny from all
#       Satisfy all
#</DirectoryMatch>

#
# Setting this header will prevent MSIE from interpreting files as something
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
#Header set X-Content-Type-Options: "nosniff"

#
# Some browsers have a built-in XSS filter that will detect some cross site
# scripting attacks. By default, these browsers modify the suspicious part of
# the page and display the result. This behavior can create various problems
# including new security issues. This header will tell the XSS filter to
# completely block access to the page instead.
# Requires mod_headers to be enabled.
#
#Header set X-XSS-Protection: "1; mode=block"

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"
	#
	# Disable access to the entire file system except for the directories that
	# are explicitly allowed later.
	#
	# This currently breaks the configurations that come with some web application
	# Debian packages.
	#
	#<Directory />
	# AllowOverride None
	# Order Deny,Allow
	# Deny from all
	#</Directory>


	# Changing the following options will not really affect the security of the
	# server, but might make attacks slightly more difficult in some cases.

	#
	# ServerTokens
	# This directive configures what you return as the Server HTTP response
	# Header. The default is 'Full' which sends information about the OS-Type
	# and compiled in modules.
	# Set to one of: Full \| OS \| Minimal \| Minor \| Major \| Prod
	# where Full conveys the most information, and Prod the least.
	#
	#ServerTokens Minimal
	ServerTokens OS
	#ServerTokens Full

	#
	# Optionally add a line containing the server version and virtual host
	# name to server-generated pages (internal error documents, FTP directory
	# listings, mod_status and mod_info output etc., but not CGI generated
	# documents or custom error documents).
	# Set to "EMail" to also include a mailto: link to the ServerAdmin.
	# Set to one of: On \| Off \| EMail
	#
	#ServerSignature Off
	#ServerSignature On

	#
	# Allow TRACE method
	#
	# Set to "extended" to also reflect the request body (only for testing and
	# diagnostic purposes).
	#
	# Set to one of: On \| Off \| extended
	#
	TraceEnable Off
	#TraceEnable On

	#
	# Forbid access to version control directories
	#
	# If you use version control systems in your document root, you should
	# probably deny access to their directories. For example, for subversion:
	#
	#<DirectoryMatch "/\.svn">
	# Deny from all
	# Satisfy all
	#</DirectoryMatch>

	#
	# Setting this header will prevent MSIE from interpreting files as something
	# else than declared by the content type in the HTTP headers.
	# Requires mod_headers to be enabled.
	#
	#Header set X-Content-Type-Options: "nosniff"

	#
	# Some browsers have a built-in XSS filter that will detect some cross site
	# scripting attacks. By default, these browsers modify the suspicious part of
	# the page and display the result. This behavior can create various problems
	# including new security issues. This header will tell the XSS filter to
	# completely block access to the page instead.
	# Requires mod_headers to be enabled.
	#
	#Header set X-XSS-Protection: "1; mode=block"

	#
	# Setting this header will prevent other sites from embedding pages from this
	# site as frames. This defends against clickjacking attacks.
	# Requires mod_headers to be enabled.
	#
	#Header set X-Frame-Options: "sameorigin"