amenezes/http_hardening

Table of Contents

  1. Overview
  2. Module Description
  3. Usage
  4. Custom Headers
  5. Contact

1. Overview


Puppet module to enable, configure and manage secure HTTP headers on web servers.

2. Module Description


This module provides an easy way to enable, configure and manage secure HTTP headers on:

  • apache2 (Debian-like distros);
  • httpd (RedHat-like distros);
  • nginx;
  • lighttpd.

Standard options available are:


   $x_frame_options                     = 'SAMEORIGIN'
   $x_content_type_options              = 'nosniff'
   $x_xss_protection                    = '1; mode=block'
   $x_robots_tag                        = ''
   $public_key_pins                     = ''
   $strict_transport_security           = ''
   $content_security_policy             = ''
   $content_security_policy_report_only = ''
   $x_content_security_policy           = ''
   $x_webkit_csp                        = ''

For more information about secure HTTP headers see:

3. Usage


Installation


$ puppet module install amenezes-http_hardening

Use

  • Basic usage for apache2 (Debian-like distros) and httpd (RedHat-like distros). This enables mod_headers and sets the standard secure HTTP headers.

class { 'http_hardening':
  apache2 => true,
}


class { 'http_hardening':
  httpd => true,
}

note: users of RedHat-like distros may need to allow mod_headers in SELinux.

  • Basic usage on nginx.

class { 'http_hardening':
  nginx => true,
}

  • Basic usage on lighttpd.

class { 'http_hardening':
  lighttpd => true,
}

note: mod_setenv will be enabled by default, if not already.

  • Custom configuration on apache2 (Debian-like distros) or httpd (RedHat-like distros).

class { 'http_hardening':
  apache2          => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}


class { 'http_hardening':
  httpd            => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}

  • Custom configuration on nginx.

class { 'http_hardening':
  nginx            => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}

  • Custom configuration on lighttpd.

class { 'http_hardening':
  lighttpd         => true,
  x_frame_options  => 'SAMEORIGIN',
  x_xss_protection => '1; mode=block',
}
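
To confirm that a server actually emits the standard headers once the class is applied, the following added example (not part of the module or written by its author) checks a captured response header block against the non-empty defaults listed under "Standard options". The function names and the two sample responses are constructed for illustration.

```python
"""Check a captured HTTP response header block against the module's default values."""

# Non-empty defaults from the "Standard options" list; header names lowercased.
EXPECTED = {
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
}

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw header block (status line skipped)."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block; anything after is body
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw, expected=EXPECTED):
    """Return a list of findings; an empty list means every expected header matches."""
    headers = parse_headers(raw)
    findings = []
    for name, want in expected.items():
        values = headers.get(name, [])
        if not values:
            findings.append(f"{name}: missing")
        elif len(values) > 1:
            # Typical cause: both the application and the web server set the header.
            findings.append(f"{name}: sent {len(values)} times: {values}")
        elif values[0].lower() != want.lower():
            findings.append(f"{name}: got {values[0]!r}, expected {want!r}")
    return findings

# Constructed sample responses (not captured from a real server).
GOOD = ("HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: SAMEORIGIN\r\n"
        "X-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n\r\n")
BAD = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nX-Frame-Options: DENY\r\n"
       "x-xss-protection: 0\r\n\r\n<html>")

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("bad", BAD)):
        print(label, audit(raw) or "OK")
```

The input can be the saved output of `curl -sI` against the managed host; extend `EXPECTED` with any of the optional parameters you have set.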

4. Custom Headers

  • Custom HTTP Headers configuration on apache2 or httpd.

http_hardening::custom_apache { 'custom_config_1':
  custom_param   => 'FilesMatch',
  custom_filter  => '\.(png|ico|jpeg|jpg|gif)$',
  custom_headers => {
    'X-XSS-Protection' => '0',
  }
}


http_hardening::custom_apache { 'custom_config_2':
  custom_filter  => '\.(js|css)$',
  custom_headers => {
    'P3P' => 'CP=\"CAO PSA OUR\"'
  }
}

For more information see: man mod_headers

  • Custom HTTP Headers configuration on lighttpd.

http_hardening::custom_lighttpd { 'custom_config_1':
  custom_headers => {
    'X-XSS-Protection' => '0',
  }
}


http_hardening::custom_lighttpd { 'custom_config_2':
  custom_filter  => '\.(js|css)$',
  custom_headers => {
    'P3P' => 'CP=\"CAO PSA OUR\"'
  }
}

5. Contact

author: alexandre menezes
twitter: @ale_menezes
