Comments (6)
I added this module in my own stack on http://deb.paranoid.nl/pages/nginx.html
from ngx_security_headers.
Hi @eilandert ,
Thank you for that. A bit an off-topic question, but have you seen any issue when you don't place the ModSecurity module's load_module
as last in the configuration?
Asking because I see you added that note also, and I can't seem to reproduce #1 with the recent ModSecurity, and then it would be good to get rid of that note about having to load it last.
from ngx_security_headers.
Hi @dvershinin,
I haven't seen interactions with your module, but have in the past with other security modules. So when I checked your module it seemed only logical to add that note ;-)
from ngx_security_headers.
@dvershinin Just out of interest as this has been an open issue for a bit of time, is an apt repository something you would consider? I appreciate you seem to work with rpm based Linux distributions i.e. Redhat, CentOS, Fedora etc, but for those running Debian based distro's i.e. Ubuntu Server, an apt repository is certainly going to be useful to install as a package, much like the nginx extras package.
Compiling modules is fun and all, but maintaining and keep such updated is more painful. Less so when your NGINX version is fairly stable on the LTS branch, more of a problem when you have NGINX update more frequently or indeed the module itself.
from ngx_security_headers.
@jamesmacwhite apt repository is something planned, for sure. It is simply that existing RHEL RPM builds provided an easier way to expand to more RPM-based systems.
Now that the Fedora packages system is complete, the RPM repository covers most of the RPM userbase. So it is a good time to start with the deb
packaging effort, which has a furthermore larger userbase...
The question is, whether to base the deb
releases from nginx.org's packaging or nginx-extras, etc. of Ubuntu's own packaging efforts:
- If the module's deb package/repository targets nginx.org packaging conventions, it can be used without problems if nginx itself was installed from nginx.org repo;
- if it targets/is based on Ubuntu's own nginx packaging for nginx and modules, it will be incompatible with users of nginx.org repositories...
from ngx_security_headers.
That's good that it's potentially planned.
I prefer to not add loads of PPAs and repos unless necessary, I have installed nginx from Ubuntu's standard repos which is currently nginx 1.18 on 20.04.4 LTS, so a little behind, but LTS favouring more stable and longer term support anyway.
I understand the dilemma though.
from ngx_security_headers.
Related Issues (17)
- Conflicts with ModSecurity HOT 4
- Not able to install through yum. HOT 1
- Strict-Transport-Security header not being added on SSL requests HOT 8
- Strict-Transport-Security: Preloading should be opt-in HOT 2
- Strict-Transport-Security: Preloading doesn't work HOT 2
- Feature Request: Additional Cross-Origin headers (COOP CORP, COEP)
- X-XSS-Protection: 0 is recommended by Mozilla and Google HOT 2
- Rewrite Referrer-Policy header HOT 2
- Missing ".configure" file for compiling on Ubuntu HOT 1
- add custom header
- Hide all irrelevant headers by default
- Hide cache headers
- Header access control
- Content-Security-Policy HOT 1
- not find ngx_http_security_headers_module.so HOT 1
- How to use it on Windows's nginx? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ngx_security_headers.