Categories
.htaccess

htaccess update

############################################
## workaround for HTTP authorization
## in CGI environment

RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks

RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* – [L,R=405]

######################################
## Add custom headers
<IfModule mod_headers.c>
Header set X-Content-Type-Options “nosniff”
Header set X-XSS-Protection “1; mode=block”
</IfModule>

Leave a Reply