Hi there, I try to harden a virtual host against acting as proxy relay. However running the command: curl --proxy http://slovensko.ch:80 http://yahoo.com does return the yahoos site, so I assume, that I failed. Can anybody please point me to any mistake in the following configuration. The site itself is generated using the zope/plone framework. thanks robert # # slovensko # ------------------- #_robert_ <VirtualHost *:80> DocumentRoot /var/www ServerAdmin robert@xxxxxxxxxx ServerName www.slovensko.ch ServerAlias slovensko.ch CustomLog /var/log/apache2/slovensko-access.log combined ErrorLog /var/log/apache2/slovensko-error.log LogLevel warn ServerSignature On Header set X-Frame-Options "SAMEORIGIN"Header set Strict-Transport-Security "max-age=15768000; includeSubDomains"
Header set X-XSS-Protection "1; mode=block" Header set X-Content-Type-Options "nosniff"Header set Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'"
ProxyVia On # prevent your web server from being used as global HTTP proxy <LocationMatch "^[^/]"> Deny from all </LocationMatch> <Proxy *> Order deny,allow Allow from all </Proxy> RewriteEngine On RewriteRule "^proxy:[a-z]*://[^/]*:25(/|$)" "-" [F,NC,L] # Normalize URLs by removing trailing /'sRewriteRule /(.*)/$ http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 [L,P] RewriteRule ^/(.*) http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 [L,P]
</VirtualHost> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx