X-XSS Protection in VestaCP Topic is solved


Postby oddyseus » Sat Apr 16, 2016 1:38 am

I'm trying to secure my VPS as much as I can. I ran nikto to find vulnerabilities. I fixed some of them, but couldn't solve the rest.
Here are the ones I couldn't solve:

    + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
    + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to

Where should I add this other than .htaccess:

    <IfModule mod_headers.c>
      Header set X-XSS-Protection "1; mode=block"
    </IfModule>

I've added it to lots of places; some of them gave errors, the others didn't change anything.

Can you tell me the exact path to add the code to prevent X-XSS attacks? It'd be nice if you say the specific path (/etc/apache2 etc.) instead of just "conf".

Distro: Debian 8
Nginx: Enabled
SSL: Yes

Edit: I solved the issue. Until now, I thought that I had to change some Apache conf; I was wrong. I added these three lines to /etc/nginx/conf.d/yourip.conf (inside the server part):

    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

And it's solved!
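An added example, not part of the original post, showing how the three directives behave inside an nginx server block: a location inherits the server-level add_header lines only when it sets no add_header of its own, and without the always parameter (nginx 1.7.5 and later) the headers are left off error responses. The server name, document root and location paths are placeholders.

```nginx
# Constructed example; example.com, /var/www/example and the location
# paths are placeholders, not values from the original post.
server {
    listen 80;
    server_name example.com;

    # "always" (nginx 1.7.5+) sends the header on 4xx/5xx responses too;
    # without it add_header applies only to successful and redirect codes.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;

    # No add_header at this level, so the three headers above are inherited.
    location / {
        root /var/www/example;
    }

    # Pitfall: this location defines its own add_header, so it inherits
    # none of the server-level ones. Responses under /static/ carry only
    # Cache-Control and a scanner will report the security headers missing.
    location /static/ {
        root /var/www/example;
        add_header Cache-Control "public, max-age=86400";
    }

    # Corrected form: repeat the security headers in any location that
    # adds a header of its own.
    location /assets/ {
        root /var/www/example;
        add_header Cache-Control "public, max-age=86400";
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-XSS-Protection "1; mode=block" always;
    }
}
```

After `nginx -t` and a reload, `curl -sI` against a URL under each location shows which headers are actually sent.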
