취약점을 방지하기 위한 보안 HTTP 헤더를 설정하기
X-Content-Type-Options
###Apache
Header set X-Content-Type-Options nosniff
###Nginx
add_header X-Content-Type-Options nosniff;
X-XSS-Protection
###Apache
Header set X-XSS-Protection "1; mode=block"
###Nginx
add_header X-XSS-Protection "1; mode=block";X-Frame-Options
###Apache
Header always append X-Frame-Options DENY
###Nginx
add_header X-Frame-Options “DENY”;HTTP Strict Transport Securit
###Apache
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
###Nginx
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';https://geekflare.com/http-header-implementation/
How to Implement Security HTTP Headers to Prevent Vulnerabilities? - Geekflare
Do you know most of the security vulnerabilities can be fixed by implementing necessary headers in the response header? Security is as essential as
geekflare.com
apache 설정 및 적용 내용 확인
httpd.conf 편집
vim /usr/local/apache2/conf/httpd.confHeader always set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options DENY
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"웹 브라우저 개발툴로 확인
curl 툴로 확인
curl -I http://localhostHTTP/1.1 200 OK
Date: Wed, 21 Oct 2020 05:41:26 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
'리눅스' 카테고리의 다른 글
| [draft] fdisk 명령어를 사용하여 디스크의 파일 시스템을 재구성하는 방법 (0) | 2025.12.13 |
|---|---|
| [draft] Let's Encrypt에서 DNS 모드로 SSL 인증서를 발급받는 방법 (0) | 2025.12.13 |
| [draft] 파일 인코딩 변경하기 (0) | 2025.12.12 |
| [draft] 리눅스에서 파일명에 날짜를 포함시키는 방법 (0) | 2025.12.12 |
| [draft] python ModuleNotFoundError: No module named 'PIL' (0) | 2025.12.10 |
