Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-09-20 05:11:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

prettify nginx options (#509)

Browse source 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
This commit is contained in:
schurzi 2021-11-29 10:25:43 +01:00 committed by GitHub
parent 530069ae88
commit ad43f908df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
roles/nginx_hardening/defaults/main.yml
View file

@ -11,15 +11,15 @@ nginx_client_header_timeout: "10"
nginx_send_timeout: "10"
nginx_limit_conn_zone: "$binary_remote_addr zone=default:10m"
nginx_limit_conn: "default 5"
nginx_add_header: [
# vvoid clickjacking
"X-Frame-Options SAMEORIGIN",
# disable content-type sniffing
"X-Content-Type-Options nosniff",
# XSS filter
"X-XSS-Protection \"1; mode=block\"",
"Strict-Transport-Security max-age=15768000",
"Content-Security-Policy \"script-src 'self'; object-src 'self'\"" ]
nginx_add_header:
# avoid clickjacking
- X-Frame-Options SAMEORIGIN
# disable content-type sniffing
- X-Content-Type-Options nosniff
# XSS filter
- X-XSS-Protection "1; mode=block"
- Strict-Transport-Security max-age=15768000
- Content-Security-Policy "script-src 'self'; object-src 'self'"
nginx_set_cookie_flag: "* HttpOnly secure"
nginx_ssl_prefer_server_ciphers: "on"