amenezes/http_hardening

Table of Contents

  1. Overview
  2. Module Description
  3. Usage
  4. Custom Headers
  5. Contact

1. Overview


Puppet module to enable, configure and manage secure HTTP headers on web servers.

2. Module Description


This module provides an easy way to enable, configure and manage secure HTTP headers on:

  • apache2 (Debian-like distros);
  • httpd (RedHat-like distros);
  • nginx;
  • lighttpd.

Standard options available are:


   $x_frame_options                     = 'SAMEORIGIN'
   $x_content_type_options              = 'nosniff'
   $x_xss_protection                    = '1; mode=block'
   $x_robots_tag                        = ''
   $public_key_pins                     = ''
   $strict_transport_security           = ''
   $content_security_policy             = ''
   $content_security_policy_report_only = ''
   $x_content_security_policy           = ''
   $x_webkit_csp                        = ''

For more information about secure HTTP headers see:

3. Usage


Installation


$ puppet module install amenezes-http_hardening

Use

  • Basic usage for apache2 (Debian-like distros) and httpd (RedHat-like distros). This enables mod_headers and sets the standard secure HTTP headers.

class { 'http_hardening':
  apache2 => true,
}


class { 'http_hardening':
  httpd => true,
}

note: users of RedHat-like distros may eventually have to allow mod_headers in SELinux.

  • Basic usage on nginx.

class { 'http_hardening':
  nginx => true,
}

  • Basic usage on lighttpd.

class { 'http_hardening':
  lighttpd => true,
}

note: mod_setenv will be enabled by default, if not already.

  • Custom configuration on apache2 (Debian-like distros) or httpd (RedHat-like distros).

class { 'http_hardening':
  apache2          => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}


class { 'http_hardening':
  httpd            => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}

  • Custom configuration on nginx.

class { 'http_hardening':
  nginx            => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}

  • Custom configuration on lighttpd.

class { 'http_hardening':
  lighttpd         => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}
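
To confirm after a Puppet run that the server really emits the standard values listed in section 2, the response head can be audited. This is an added example and not part of the module; the function names and the sample response are constructed, and the header names are assumed from the parameter names.

```python
from collections import defaultdict

# Non-empty defaults from the "Standard options" list. Header names are
# inferred from the parameter names (an assumption, not taken from the module).
EXPECTED = {
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
}


def parse_headers(raw: str) -> dict:
    """Parse a raw response head (e.g. `curl -sI` output) into {name: [values]}."""
    headers = defaultdict(list)
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()].append(value.strip())
    return dict(headers)


def audit(raw: str, expected: dict = EXPECTED) -> dict:
    """Return {header: 'ok' | 'missing' | 'duplicate' | 'mismatch: <value>'}."""
    seen = parse_headers(raw)
    report = {}
    for name, want in expected.items():
        values = seen.get(name, [])
        if not values:
            report[name] = "missing"
        elif len(values) > 1:
            report[name] = "duplicate"  # set by both the app and the web server
        elif values[0].lower() != want.lower():
            report[name] = f"mismatch: {values[0]}"
        else:
            report[name] = "ok"
    return report


# Constructed sample: X-Frame-Options sent twice, X-XSS-Protection absent.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "x-frame-options: DENY\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)

print(audit(SAMPLE))
```

A header reported as duplicate usually means the application behind the web server already sets it, so the value a browser enforces may not be the one configured here.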

4. Custom Headers

  • Custom HTTP Headers configuration on apache2 or httpd.

http_hardening::custom_apache { 'custom_config_1':
  custom_param   => 'FilesMatch',
  custom_filter  => '\.(png|ico|jpeg|jpg|gif)$',
  custom_headers => {
    'X-XSS-Protection' => '0',
  }
}


http_hardening::custom_apache { 'custom_config_2':
  custom_filter  => '\.(js|css)$',
  custom_headers => {
    'P3P' => 'CP=\"CAO PSA OUR\"'
  }
}

For more information see: man mod_headers

  • Custom HTTP Headers configuration on lighttpd.

http_hardening::custom_lighttpd { 'custom_config_1':
  custom_headers => {
    'X-XSS-Protection' => '0',
  }
}


http_hardening::custom_lighttpd { 'custom_config_2':
  custom_filter  => '\.(js|css)$',
  custom_headers => {
    'P3P' => 'CP=\"CAO PSA OUR\"'
  }
}

5. Contact

author: alexandre menezes
twitter: @ale_menezes
