X-XSS Protection in VestaCP (topic is solved)
I'm trying to secure my VPS as much as I can. I run nikto to find vulnerabilities. I fixed some of them, but couldn't solve the rest.
Here are the ones I couldn't solve:
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to
Code:
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
I've added it to lots of places; some of them gave errors, the others didn't change anything.
Can you tell me the exact path to add the code to prevent X-XSS attacks? It'd be nice if you say the specific path (/etc/apache2 etc.) instead of just "conf".
Distro: Debian 8
Nginx: Enabled
SSL: Yes
Edit: I solved the issue. Till now, I thought that I had to change some Apache conf; I was wrong. I added these three lines to /etc/nginx/conf.d/yourip.conf (inside the server part):
Code:
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
And it's solved!
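Headers set in the server block can silently disappear again, because nginx inherits add_header from the enclosing level only when the current level sets no add_header of its own. The audit below is an added example, not part of the original post or of VestaCP; it uses a simplified tokenizer, the names parse, audit and SAMPLE are hypothetical, and the sample config is constructed.

```python
import re

REQUIRED = {"x-frame-options", "x-content-type-options", "x-xss-protection"}
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')

def parse(conf):
    """Build a tree of blocks, recording the add_header names set at each level."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)   # simplification: full-line comments only
    root = {"name": "", "own": set(), "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(conf):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":                          # words so far name the new block
            node = {"name": " ".join(words), "own": set(), "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif tok == "}":
            stack.pop()
        elif words[:1] == ["add_header"] and len(words) >= 2:
            stack[-1]["own"].add(words[1].strip("\"'").lower())
        words = []
    return root

def audit(node, inherited=frozenset(), path=""):
    """Return {block path: missing headers}; a level's own add_header replaces inherited ones."""
    effective = node["own"] or inherited
    here = " > ".join(p for p in (path, node["name"]) if p)
    findings = {}
    if node["name"].startswith(("server", "location")) and REQUIRED - effective:
        findings[here] = sorted(REQUIRED - effective)
    for child in node["children"]:
        findings.update(audit(child, effective, here))
    return findings

# Constructed sample: the thread's three headers plus a hypothetical location block.
SAMPLE = """
server {
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    location / { proxy_pass http://127.0.0.1:8080; }
    location /static/ { add_header Cache-Control "public"; }
}
"""

if __name__ == "__main__":
    print(audit(parse(SAMPLE)))
```

Any block it reports needs the three add_header lines repeated at that level. On nginx 1.7.5 and later, add the `always` parameter if the headers should also appear on error responses.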
Re: X-XSS Protection in VestaCP
Thanks!
Any idea why these 3 lines are not set by default after nginx/vestacp installation?