# Setting security HTTP headers to prevent vulnerabilities
## X-Content-Type-Options
### Apache
```apache
Header set X-Content-Type-Options nosniff
```
### Nginx
```nginx
add_header X-Content-Type-Options nosniff;
```
## X-XSS-Protection
### Apache
```apache
Header set X-XSS-Protection "1; mode=block"
```
### Nginx
```nginx
add_header X-XSS-Protection "1; mode=block";
```
## X-Frame-Options
### Apache
```apache
Header always append X-Frame-Options DENY
```
### Nginx
```nginx
add_header X-Frame-Options "DENY";
```
## HTTP Strict Transport Security
### Apache
```apache
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
```
### Nginx
```nginx
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
```
Reference: https://geekflare.com/http-header-implementation/
## Configuring Apache and verifying the applied headers
### Edit httpd.conf
```shell
$ vim /usr/local/apache2/conf/httpd.conf
```
```apache
...
Header always set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options DENY
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
```
### Check with the browser developer tools
### Check with curl
```shell
$ curl -I http://localhost
HTTP/1.1 200 OK
Date: Wed, 21 Oct 2020 05:41:26 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
```
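As an added example (not code from the original post), a small Python checker that parses a saved `curl -I` response like the one above and reports which of the four headers configured here are missing or set to a weaker value; the two sample responses are constructed inline.

```python
import re

def _hsts_ok(value, min_age=31536000):
    """OK only if max-age is at least a year and includeSubDomains is set."""
    directives = [d.strip().lower() for d in value.split(";") if d.strip()]
    max_age = None
    for d in directives:
        m = re.fullmatch(r"max-age=(\d+)", d)
        if m:
            max_age = int(m.group(1))
    return max_age is not None and max_age >= min_age and "includesubdomains" in directives

# Expected value for each header configured above (names compared case-insensitively).
REQUIRED = {
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "x-xss-protection": lambda v: v.replace(" ", "").lower() == "1;mode=block",
    "strict-transport-security": _hsts_ok,
}

def parse_headers(raw):
    """Parse a raw `curl -I` response into a dict keyed by lowercase header name."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return (header, problem) pairs; an empty list means all four headers pass."""
    headers = parse_headers(raw)
    findings = []
    for name, check in REQUIRED.items():
        if name not in headers:
            findings.append((name, "missing"))
        elif not check(headers[name]):
            findings.append((name, "weak value: " + headers[name]))
    return findings

# Constructed samples: the response shown on this page, and a server with only a short HSTS policy.
GOOD = """HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
"""
WEAK = "HTTP/1.1 200 OK\nServer: Apache\nStrict-Transport-Security: max-age=300\n"
print(audit(GOOD), audit(WEAK))
```

Save the output of `curl -I` to a file and pass its contents to `audit()` to check a real server offline.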