Author: pzampino
Date: Fri May 18 13:51:47 2018
New Revision: 1831861
URL: http://svn.apache.org/viewvc?rev=1831861&view=rev
Log:
Updated WebAppSec provider
Modified:
knox/site/books/knox-1-1-0/user-guide.html
knox/site/index.html
knox/site/issue-tracking.html
knox/site/license.html
knox/site/mail-lists.html
knox/site/project-info.html
knox/site/team-list.html
knox/trunk/books/1.1.0/book.md
knox/trunk/books/1.1.0/config_webappsec_provider.md
Modified: knox/site/books/knox-1-1-0/user-guide.html
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/user-guide.html?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/site/books/knox-1-1-0/user-guide.html (original)
+++ knox/site/books/knox-1-1-0/user-guide.html Fri May 18 13:51:47 2018
@@ -82,6 +82,7 @@
<li><a href="#CSRF">CSRF</a></li>
<li><a href="#CORS">CORS</a></li>
<li><a href="#X-Frame-Options">X-Frame-Options</a></li>
+ <li><a href="#X-Content-Type-Options">X-Content-Type-Options</a></li>
<li><a href="#HTTP+Strict-Transport-Security+-+HSTS">HTTP
Strict-Transport-Security - HSTS</a></li>
</ul></li>
<li><a href="#Websocket+Support">Websocket Support</a></li>
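Review bot: The HSTS entry next to the added line links to `#HTTP+Strict-Transport-Security+-+HSTS`, which does not match the `id="HTTP+Strict+Transport+Security"` on the section heading visible in the last hunk of this file. The new X-Content-Type-Options entry does match its heading id. Since the list is being edited in book.md anyway, confirm the HSTS link resolves and align it with the heading text if it does not.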
@@ -3249,7 +3250,7 @@ APACHE_HOME/bin/apachectl -k stop
<param><name>csrf.customHeader</name><value>X-XSRF-Header</value></param>
<param><name>csrf.methodsToIgnore</name><value>GET,OPTIONS,HEAD</value></param>
<param><name>cors.enabled</name><value>true</value></param>
-
<param><name>xframe-options.enabled</name><value>true</value></param>
+
<param><name>xframe.options.enabled</name><value>true</value></param>
<param><name>strict.transport.enabled</name><value>true</value></param>
</provider>
</code></pre><h4><a id="Descriptions">Descriptions</a> <a
href="#Descriptions"><img src="markbook-section-link.png"/></a></h4><p>The
following tables describes the configuration options for the web app security
provider:</p><h5><a id="CSRF">CSRF</a> <a href="#CSRF"><img
src="markbook-section-link.png"/></a></h5><h6><a id="Config">Config</a> <a
href="#Config"><img src="markbook-section-link.png"/></a></h6>
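Review bot: The sample provider block picks up the rename to `xframe.options.enabled` but has no line for `xcontent-type.options.enabled`, the parameter this commit documents. Adding it next to the X-Frame-Options and HSTS entries would keep the example in step with the option tables that follow.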
@@ -3352,16 +3353,37 @@ APACHE_HOME/bin/apachectl -k stop
</thead>
<tbody>
<tr>
- <td>xframe-options.enabled </td>
+ <td>xframe.options.enabled </td>
<td>This param enables the X-Frame-Options capabilities</td>
<td>false</td>
</tr>
<tr>
- <td>xframe-options.value </td>
+ <td>xframe.options </td>
<td>This param specifies a particular value for the X-Frame-Options
header. Most often the default value of DENY will be most appropriate. You can
also use SAMEORIGIN or ALLOW-FROM uri</td>
<td>DENY</td>
</tr>
</tbody>
+</table><h5><a id="X-Content-Type-Options">X-Content-Type-Options</a> <a
href="#X-Content-Type-Options"><img
src="markbook-section-link.png"/></a></h5><p>Browser MIME content type sniffing
can be exploited for malicious purposes. Adding the X-Content-Type-Options HTTP
header to responses directs the browser to honor the type specified in the
Content-Type header, rather than trying to determine the type from the content
itself. Most modern browsers support this.</p><h6><a id="Config">Config</a> <a
href="#Config"><img src="markbook-section-link.png"/></a></h6>
+<table>
+ <thead>
+ <tr>
+ <th>Name </th>
+ <th>Description </th>
+ <th>Default</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>xcontent-type.options.enabled </td>
+ <td>This param enables the X-Content-Type-Options header inclusion</td>
+ <td>false</td>
+ </tr>
+ <tr>
+ <td>xcontent-type.options </td>
+ <td>This param specifies a particular value for the
X-Content-Type-Options header. The default value is really the only meaningful
value</td>
+ <td>nosniff</td>
+ </tr>
+ </tbody>
</table><h5><a id="HTTP+Strict+Transport+Security">HTTP Strict Transport
Security</a> <a href="#HTTP+Strict+Transport+Security"><img
src="markbook-section-link.png"/></a></h5><p>Web applications can be protected
by protocol downgrade attacks and cookie hijacking by adding HTTP Strict
Transport Security response header.</p><h6><a id="Config">Config</a> <a
href="#Config"><img src="markbook-section-link.png"/></a></h6>
<table>
<thead>
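Review bot: The added X-Content-Type-Options section introduces another `<a id="Config">` anchor, alongside the identical ids under CSRF and HSTS visible in this diff. With duplicate ids, `#Config` can only reach the first one, so the section link on the new heading does not point at the new table. Giving the sub-headings distinct names in the markdown source would produce unique anchors.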
Modified: knox/site/index.html
URL:
http://svn.apache.org/viewvc/knox/site/index.html?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Fri May 18 13:51:47 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-04-20
+ | Generated by Apache Maven Doxia at 2018-05-18
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180420" />
+ <meta name="Date-Revision-yyyymmdd" content="20180518" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Announcing Apache Knox 1.0.0!</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
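Review bot: Nothing changes in this file, or in the other generated site pages below, except the date stamps (the Doxia generation comment, the `Date-Revision-yyyymmdd` meta value and the "Last Published" item). Consider committing regenerated pages only when their content changes, so the documentation change in user-guide.html and the book sources is easier to review.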
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-04-20</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-05-18</li>
</ul>
</div>
Modified: knox/site/issue-tracking.html
URL:
http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/site/issue-tracking.html (original)
+++ knox/site/issue-tracking.html Fri May 18 13:51:47 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-04-20
+ | Generated by Apache Maven Doxia at 2018-05-18
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180420" />
+ <meta name="Date-Revision-yyyymmdd" content="20180518" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Issue Tracking</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-04-20</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-05-18</li>
</ul>
</div>
Modified: knox/site/license.html
URL:
http://svn.apache.org/viewvc/knox/site/license.html?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/site/license.html (original)
+++ knox/site/license.html Fri May 18 13:51:47 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-04-20
+ | Generated by Apache Maven Doxia at 2018-05-18
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180420" />
+ <meta name="Date-Revision-yyyymmdd" content="20180518" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project License</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-04-20</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-05-18</li>
</ul>
</div>
Modified: knox/site/mail-lists.html
URL:
http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/site/mail-lists.html (original)
+++ knox/site/mail-lists.html Fri May 18 13:51:47 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-04-20
+ | Generated by Apache Maven Doxia at 2018-05-18
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180420" />
+ <meta name="Date-Revision-yyyymmdd" content="20180518" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Mailing Lists</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-04-20</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-05-18</li>
</ul>
</div>
Modified: knox/site/project-info.html
URL:
http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Fri May 18 13:51:47 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-04-20
+ | Generated by Apache Maven Doxia at 2018-05-18
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180420" />
+ <meta name="Date-Revision-yyyymmdd" content="20180518" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Information</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-04-20</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-05-18</li>
</ul>
</div>
Modified: knox/site/team-list.html
URL:
http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/site/team-list.html (original)
+++ knox/site/team-list.html Fri May 18 13:51:47 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-04-20
+ | Generated by Apache Maven Doxia at 2018-05-18
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180420" />
+ <meta name="Date-Revision-yyyymmdd" content="20180518" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Team list</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-04-20</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-05-18</li>
</ul>
</div>
Modified: knox/trunk/books/1.1.0/book.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/1.1.0/book.md?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/trunk/books/1.1.0/book.md (original)
+++ knox/trunk/books/1.1.0/book.md Fri May 18 13:51:47 2018
@@ -79,6 +79,7 @@
* #[CSRF]
* #[CORS]
* #[X-Frame-Options]
+ * #[X-Content-Type-Options]
* #[HTTP Strict-Transport-Security - HSTS]
* #[Websocket Support]
* #[Audit]
Modified: knox/trunk/books/1.1.0/config_webappsec_provider.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/1.1.0/config_webappsec_provider.md?rev=1831861&r1=1831860&r2=1831861&view=diff
==============================================================================
--- knox/trunk/books/1.1.0/config_webappsec_provider.md (original)
+++ knox/trunk/books/1.1.0/config_webappsec_provider.md Fri May 18 13:51:47 2018
@@ -54,7 +54,7 @@ Because of this one-to-many provider/fil
<param><name>csrf.customHeader</name><value>X-XSRF-Header</value></param>
<param><name>csrf.methodsToIgnore</name><value>GET,OPTIONS,HEAD</value></param>
<param><name>cors.enabled</name><value>true</value></param>
- <param><name>xframe-options.enabled</name><value>true</value></param>
+ <param><name>xframe.options.enabled</name><value>true</value></param>
<param><name>strict.transport.enabled</name><value>true</value></param>
</provider>
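Review bot: The example switches `xframe-options.enabled` to `xframe.options.enabled` without saying whether topologies that still use the old name keep working. The table below lists the default as false, so if the old key is no longer read, an unchanged topology would stop sending X-Frame-Options with no error. State in the text whether the old name is still accepted or must be migrated.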
@@ -105,8 +105,19 @@ Cross Frame Scripting and Clickjacking a
Name | Description | Default
-----------------------------|-------------|---------
-xframe-options.enabled | This param enables the
X-Frame-Options capabilities|false
-xframe-options.value | This param specifies a particular value
for the X-Frame-Options header. Most often the default value of DENY will be
most appropriate. You can also use SAMEORIGIN or ALLOW-FROM uri|DENY
+xframe.options.enabled | This param enables the
X-Frame-Options capabilities|false
+xframe.options | This param specifies a particular value for
the X-Frame-Options header. Most often the default value of DENY will be most
appropriate. You can also use SAMEORIGIN or ALLOW-FROM uri|DENY
+
+##### X-Content-Type-Options
+
+Browser MIME content type sniffing can be exploited for malicious purposes.
Adding the X-Content-Type-Options HTTP header to responses directs the browser
to honor the type specified in the Content-Type header, rather than trying to
determine the type from the content itself. Most modern browsers support this.
+
+###### Config
+
+Name | Description | Default
+-----------------------------|-------------|---------
+xcontent-type.options.enabled | This param enables the
X-Content-Type-Options header inclusion|false
+xcontent-type.options | This param specifies a particular value
for the X-Content-Type-Options header. The default value is really the only
meaningful value|nosniff
##### HTTP Strict Transport Security
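Review bot: The new keys `xcontent-type.options.enabled` and `xcontent-type.options` mix a hyphen with dots, while this same hunk moves the X-Frame-Options keys from `xframe-options.*` to all-dot names. If the names mirror what the provider reads, say so in the text; otherwise settle on one separator style before release. The description "The default value is really the only meaningful value" would also be clearer as a direct statement that `nosniff` is the only value to use.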