Package: apache2.2-common
Version: 2.2.22-13+deb7u4
Severity: important

Dear Maintainer,

*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?

While checking my Apache headers through http://cyh.herokuapp.com/cyh I noticed
none are working. Since Debian stands for security and stability, I'm wondering
why this is not working.

   * What exactly did you do (or not do) that was effective (or ineffective)?

I created a new security file in /etc/apache2/conf.d/security-custom and added
the following content, as recommended by the website mentioned above:

    Header set X-Frame-Options: "sameorigin"
    Header set Strict-Transport-Security: "max-age=31536000; includeSubDomains"
    Header set X-Content-Type-Options: "nosniff"
    Header set Content-Type "text/html;charset=utf-8"
    Header set X-XSS-Protection: "1; mode=block"
    Header set Cache-Control: "no-cache, no-store, must-revalidate"
    Header set Pragma: "no-cache
    Header set Expires: "-1"
    Header set X-Permitted-Cross-Domain-Policies "master-only"
    Header set Content-Security-Policy "Content-Security-Policy-Report-Only"

   * What was the outcome of this action?

None of these worked.

   * What outcome did you expect instead?

That at least the lines worked as stated in /etc/apache2/conf.d/security:

    Header set X-Content-Type-Options: "nosniff"
    Header set X-Frame-Options: "sameorigin"
    Header set X-XSS-Protection: "1; mode=block"

Please fix this for Debian wheezy, so we can set up a more secure Apache.

Thanks.

*** End of the template - remove these lines ***

-- Package-specific info:
List of enabled modules from 'apache2 -M':
  alias auth_basic authn_file authz_default authz_groupfile authz_host
  authz_user autoindex cgi deflate dir env expires headers mime
  negotiation php5 proxy_http proxy reqtimeout rewrite security2
  setenvif ssl status unique_id
List of enabled php5 extensions:
  imap mapi pdo

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork  2.2.22-13+deb7u4
ii  apache2.2-common     2.2.22-13+deb7u4

apache2 recommends no packages.

apache2 suggests no packages.

Versions of packages apache2.2-common depends on:
ii  apache2-utils  2.2.22-13+deb7u4
ii  apache2.2-bin  2.2.22-13+deb7u4
ii  lsb-base       4.1+Debian8+deb7u1
ii  mime-support   3.52-1+deb7u1
ii  perl           5.14.2-21+deb7u2
ii  procps         1:3.3.3-3

Versions of packages apache2.2-common recommends:
ii  ssl-cert  1.0.32

Versions of packages apache2.2-common suggests:
pn  apache2-doc                             <none>
pn  apache2-suexec | apache2-suexec-custom  <none>
ii  w3m [www-browser]                       0.5.3-8

-- no debconf information
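
A local way to check which of the headers from this report actually reach the client, as an added example that is not part of the original report: it parses a response head such as `curl -sI` prints and compares it with the values from the report's configuration. The sample response and the function names are constructed for illustration.

```python
# Added example: audit a captured HTTP response head against the
# security headers listed in the report's security-custom file.
EXPECTED = {
    "X-Frame-Options": "sameorigin",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "X-Permitted-Cross-Domain-Policies": "master-only",
}

def parse_head(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response head."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:              # skip the status line
        if not line.strip():
            break                       # a blank line ends the head
        name, sep, value = line.partition(":")
        if sep:                         # header names are case-insensitive
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw, expected=EXPECTED):
    """Return {header: 'ok' | 'missing' | 'mismatch: <seen values>'}."""
    seen = parse_head(raw)
    report = {}
    for name, want in expected.items():
        values = seen.get(name.lower())
        if not values:
            report[name] = "missing"
        elif any(v.lower() == want.lower() for v in values):
            report[name] = "ok"
        else:
            report[name] = "mismatch: " + ", ".join(values)
    return report

# Constructed sample response head (not captured from the reporter's server).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 01 Jan 2015 00:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "x-content-type-options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for header, status in audit(SAMPLE).items():
        print(f"{header:36} {status}")
```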