728x90
취약점을 방지하기 위한 보안 HTTP 헤더를 설정하기
X-Content-Type-Options
###Apache
Header set X-Content-Type-Options nosniff
###Nginx
add_header X-Content-Type-Options nosniff;
X-XSS-Protection
###Apache
Header set X-XSS-Protection "1; mode=block"
###Nginx
add_header X-XSS-Protection "1; mode=block";X-Frame-Options
###Apache
Header always append X-Frame-Options DENY
###Nginx
add_header X-Frame-Options “DENY”;HTTP Strict Transport Securit
###Apache
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
###Nginx
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';https://geekflare.com/http-header-implementation/
How to Implement Security HTTP Headers to Prevent Vulnerabilities? - Geekflare
Do you know most of the security vulnerabilities can be fixed by implementing necessary headers in the response header? Security is as essential as
geekflare.com
apache 설정 및 적용 내용 확인
httpd.conf 편집
$ vim /usr/local/apache2/conf/httpd.conf
...
Header always set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options DENY
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"웹 브라우저 개발툴로 확인
curl 툴로 확인
$ curl -I http://localhost
HTTP/1.1 200 OK
Date: Wed, 21 Oct 2020 05:41:26 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
728x90
'리눅스' 카테고리의 다른 글
| 리눅스에서 HTTP Proxy Server 설정하기 (0) | 2021.08.07 |
|---|---|
| CentOS 7에서 KVM 하이퍼바이저를 설치하는 방법 (0) | 2021.08.05 |
| PHP MongoDB 확장 모듈을 설치하는 방법(mongodb.so 모듈) (0) | 2021.07.16 |
| OpenSSL을 사용하여 파일을 암호화하고 복호화하는 방법 (0) | 2021.07.05 |
| CentOS 7에서 로케일(로케일 설정과 문자셋 설정)을 변경하는 방법 (0) | 2021.07.01 |
