bunkerweb 1.4.0
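--- a/core/headers/confs/http/headers.conf
+++ b/core/headers/confs/http/headers.conf
@@ -0,0 +1,4 @@
+map $scheme $header_cookie_secure {
+default "";
+"https" "secure";
+}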
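Review bot: The map has no comment saying what consumes `$header_cookie_secure`, and none of the other files added in this commit reference it; security-headers.conf decides the cookie `secure` flag at template time instead. Since `$scheme` reflects the connection to nginx itself, the variable stays empty when TLS is terminated by an upstream proxy, which is worth stating next to the definition. I would add a comment above the map such as `# "secure" only when the client connection to nginx is TLS; empty behind a TLS-terminating proxy`. If the variable turns out to be unused, it could be dropped.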
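--- a/core/headers/confs/server-http/custom-headers.conf
+++ b/core/headers/confs/server-http/custom-headers.conf
@@ -0,0 +1,5 @@
+{% for k, v in all.items() +%}
+{% if k.startswith("CUSTOM_HEADER") and v != "" +%}
+more_set_headers "{{ v }}";
+{% endif %}
+{% endfor %}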
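Review bot: The setting value is written unescaped into a double-quoted nginx string in `more_set_headers "{{ v }}";`, and the only validation visible in this commit is `"regex": "^.*$"` in plugin.json, which accepts anything. A value containing `"`, `\`, `;` or `$` can therefore end the string early, break the generated configuration or be read as an nginx variable, which matters most where multisite settings come from a less-trusted source than the operator. The same applies to every `more_set_headers "Name: {{ ... }}";` line in security-headers.conf and to `more_clear_headers '{{ header }}';` in remove-headers.conf. I would tighten the `regex` of these settings in plugin.json to reject those characters, or escape the value in the template before rendering. Separately, `k.startswith("CUSTOM_HEADER")` matches any setting whose name begins with that prefix, so the intended suffix form should be documented or matched exactly.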
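--- a/core/headers/confs/server-http/remove-headers.conf
+++ b/core/headers/confs/server-http/remove-headers.conf
@@ -0,0 +1,5 @@
+{% if REMOVE_HEADERS != "" %}
+{% for header in REMOVE_HEADERS.split(" ") +%}
+more_clear_headers '{{ header }}';
+{% endfor %}
+{% endif %}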
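Review bot: `REMOVE_HEADERS.split(" ")` yields empty items when the value has a leading, trailing or doubled space, and each of them renders as `more_clear_headers '';`. Splitting on any whitespace run avoids that: `{% for header in REMOVE_HEADERS.split() +%}`. With that change a value made only of spaces produces no directive at all, so the outer `!= ""` test no longer has to carry that case.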
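--- a/core/headers/confs/server-http/security-headers.conf
+++ b/core/headers/confs/server-http/security-headers.conf
@@ -0,0 +1,39 @@
+{% if STRICT_TRANSPORT_SECURITY != "" and (AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes") +%}
+more_set_headers "Strict-Transport-Security: {{ STRICT_TRANSPORT_SECURITY }}";
+{% endif +%}
+
+{% if COOKIE_FLAGS != "" +%}
+{% if COOKIE_AUTO_SECURE_FLAG == "yes" and (AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes") +%}
+set_cookie_flag {{ COOKIE_FLAGS }} secure;
+{% else +%}
+set_cookie_flag {{ COOKIE_FLAGS }};
+{% endif +%}
+{% endif +%}
+
+{% if CONTENT_SECURITY_POLICY != "" +%}
+more_set_headers "Content-Security-Policy: {{ CONTENT_SECURITY_POLICY }}";
+{% endif +%}
+
+{% if REFERRER_POLICY != "" +%}
+more_set_headers "Referrer-Policy: {{ REFERRER_POLICY }}";
+{% endif +%}
+
+{% if PERMISSIONS_POLICY != "" +%}
+more_set_headers "Permissions-Policy: {{ PERMISSIONS_POLICY }}";
+{% endif +%}
+
+{% if FEATURE_POLICY != "" +%}
+more_set_headers "Feature-Policy: {{ FEATURE_POLICY }}";
+{% endif +%}
+
+{% if X_FRAME_OPTIONS != "" +%}
+more_set_headers "X-Frame-Options: {{ X_FRAME_OPTIONS }}";
+{% endif +%}
+
+{% if X_CONTENT_TYPE_OPTIONS != "" +%}
+more_set_headers "X-Content-Type-Options: {{ X_CONTENT_TYPE_OPTIONS }}";
+{% endif +%}
+
+{% if X_XSS_PROTECTION != "" +%}
+more_set_headers "X-XSS-Protection: {{ X_XSS_PROTECTION }}";
+{% endif +%}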
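Review bot: The HTTPS test `AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes"` is spelled out twice, once for Strict-Transport-Security and once for the cookie `secure` flag, so a future HTTPS option added to one condition but not the other would leave the two protections out of step. I would compute it once at the top, `{% set https_enabled = AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes" %}`, and test `https_enabled` in both places. A short comment should also say that both decisions are made when the configuration is generated, so a site whose TLS is terminated upstream gets neither HSTS nor `secure` cookies from this template even with `COOKIE_AUTO_SECURE_FLAG` left at `yes`.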
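--- a/core/headers/plugin.json
+++ b/core/headers/plugin.json
@@ -0,0 +1,118 @@
+{
+"id": "headers",
+"order": 999,
+"name": "Headers",
+"description": "Manage HTTP headers sent to clients.",
+"version": "0.1",
+"settings": {
+"CUSTOM_HEADER": {
+"context": "multisite",
+"default": "",
+"help": "Custom header to add (HeaderName: HeaderValue).",
+"id": "custom-header",
+"label": "Custom header (HeaderName: HeaderValue)",
+"regex": "^.*$",
+"type": "text",
+"multiple": "custom-headers"
+},
+"REMOVE_HEADERS": {
+"context": "multisite",
+"default": "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version",
+"help": "Headers to remove (Header1 Header2 Header3 ...)",
+"id": "remove-headers",
+"label": "Remove headers",
+"regex": "^.*$",
+"type": "text"
+},
+"STRICT_TRANSPORT_SECURITY": {
+"context": "multisite",
+"default": "max-age=31536000",
+"help": "Value for the Strict-Transport-Security header.",
+"id": "strict-transport-security",
+"label": "Strict-Transport-Security",
+"regex": "^.*$",
+"type": "text"
+},
+"COOKIE_FLAGS": {
+"context": "multisite",
+"default": "* HttpOnly SameSite=Lax",
+"help": "Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).",
+"id": "cookie-flags",
+"label": "Cookie flags",
+"regex": "^.*$",
+"type": "text"
+},
+"COOKIE_AUTO_SECURE_FLAG": {
+"context": "multisite",
+"default": "yes",
+"help": "Automatically add the Secure flag to all cookies.",
+"id": "cookie-auto-secure-flag",
+"label": "Cookie auto Secure flag",
+"regex": "^(yes|no)$",
+"type": "check"
+},
+"CONTENT_SECURITY_POLICY": {
+"context": "multisite",
+"default": "object-src 'none'; form-action 'self'; frame-ancestors 'self';",
+"help": "Value for the Content-Security-Policy header.",
+"id": "content-security-policy",
+"label": "Content-Security-Policy",
+"regex": "^.*$",
+"type": "text"
+},
+"REFERRER_POLICY": {
+"context": "multisite",
+"default": "strict-origin-when-cross-origin",
+"help": "Value for the Referrer-Policy header.",
+"id": "referrer-policy",
+"label": "Referrer-Policy",
+"regex": "^.*$",
+"type": "text"
+},
+"PERMISSIONS_POLICY": {
+"context": "multisite",
+"default": "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()",
+"help": "Value for the Permissions-Policy header.",
+"id": "permissions-policy",
+"label": "Permissions-Policy",
+"regex": "^.*$",
+"type": "text"
+},
+"FEATURE_POLICY": {
+"context": "multisite",
+"default": "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';",
+"help": "Value for the Feature-Policy header.",
+"id": "feature-policy",
+"label": "Feature-Policy",
+"regex": "^.*$",
+"type": "text"
+},
+"X_FRAME_OPTIONS": {
+"context": "multisite",
+"default": "SAMEORIGIN",
+"help": "Value for the X-Frame-Options header.",
+"id": "x-frame-options",
+"label": "X-Frame-Options",
+"regex": "^.*$",
+"type": "text"
+},
+"X_CONTENT_TYPE_OPTIONS": {
+"context": "multisite",
+"default": "nosniff",
+"help": "Value for the X-Content-Type-Options header.",
+"id": "x-content-type-options",
+"label": "X-Content-Type-Options",
+"regex": "^.*$",
+"type": "text"
+},
+"X_XSS_PROTECTION": {
+"context": "multisite",
+"default": "1; mode=block",
+"help": "Value for the X-XSS-Protection header.",
+"id": "x-xss-protection",
+"label": "X-XSS-Protection",
+"regex": "^.*$",
+"type": "text"
+}
+}
+}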
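Review bot: The `FEATURE_POLICY` default contains an orphan token, `fullscreen 'none'; 'none'; geolocation 'none';`, where a directive has lost its feature name; either restore the name it belonged to or delete the stray `'none';` so the shipped header is well formed. The `X_XSS_PROTECTION` default of `1; mode=block` also deserves a second look, since current browsers have removed the XSS auditor and present hardening guidance is to send `0` or omit the header. Finally, `COOKIE_AUTO_SECURE_FLAG` is the only setting with a constraining `regex`; fixed-vocabulary settings such as `X_FRAME_OPTIONS`, `X_CONTENT_TYPE_OPTIONS` and `REFERRER_POLICY` could enumerate their valid values the same way instead of `^.*$`.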