|
|
@@ -24,6 +24,7 @@ server {
|
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
add_header X-Robots-Tag none;
|
|
|
add_header X-Download-Options noopen;
|
|
|
+ add_header X-Frame-Options "SAMEORIGIN";
|
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
|
|
|
|
index index.php index.html;
|
|
|
@@ -46,7 +47,10 @@ server {
|
|
|
}
|
|
|
|
|
|
# If behind reverse proxy, forwards the correct IP
|
|
|
- set_real_ip_from 172.22.1.1;
|
|
|
+ set_real_ip_from 10.0.0.0/8;
|
|
|
+ set_real_ip_from 172.16.0.0/12;
|
|
|
+ set_real_ip_from 192.168.0.0/16;
|
|
|
+ set_real_ip_from fd00::/8;
|
|
|
real_ip_header X-Forwarded-For;
|
|
|
real_ip_recursive on;
|
|
|
|
|
|
@@ -202,6 +206,7 @@ server {
|
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
add_header X-Robots-Tag none;
|
|
|
add_header X-Download-Options noopen;
|
|
|
+ add_header X-Frame-Options "SAMEORIGIN";
|
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
|
|
|
|
index index.php index.html;
|
|
|
@@ -224,7 +229,10 @@ server {
|
|
|
}
|
|
|
|
|
|
# If behind reverse proxy, forwards the correct IP
|
|
|
- set_real_ip_from 172.22.1.1;
|
|
|
+ set_real_ip_from 10.0.0.0/8;
|
|
|
+ set_real_ip_from 172.16.0.0/12;
|
|
|
+ set_real_ip_from 192.168.0.0/16;
|
|
|
+ set_real_ip_from fd00::/8;
|
|
|
real_ip_header X-Forwarded-For;
|
|
|
real_ip_recursive on;
|
|
|
|
andre.peters