X-XSS Protection in VestaCP Topic is solved
X-XSS Protection in VestaCP
I'm trying to secure my vps, as much as I can. I run nikto to find vulnerabilities. I fixed some of them, but couldn't solve the rest.
Here is the ones I couldn't solve:
I've added it to lots places, some of them gave errors, the other didn't change anything.
Can you tell me the exact path to add the code to prevent X-XSS atacks? It'd be nice if you say the spesific path(/etc/apache2 etc.) instead of just "conf"
Distro: Debian 8
Nginx: Enabled
SSL: Yes
Edit: I solved the isssue, Till now, I thought that I have to change some apache conf, I was wrong. I added these three line to /etc/nginx/conf.d/yourip.conf (inside server part)
And It's solved!
Here is the ones I couldn't solve:
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to
Code: Select all
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>Can you tell me the exact path to add the code to prevent X-XSS atacks? It'd be nice if you say the spesific path(/etc/apache2 etc.) instead of just "conf"
Distro: Debian 8
Nginx: Enabled
SSL: Yes
Edit: I solved the isssue, Till now, I thought that I have to change some apache conf, I was wrong. I added these three line to /etc/nginx/conf.d/yourip.conf (inside server part)
Code: Select all
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";Re: X-XSS Protection in VestaCP
Thanks !
Any idea why these 3 lines are not set by default after nginx/vestacp installation ?
Any idea why these 3 lines are not set by default after nginx/vestacp installation ?