|
| ||||||||
|
巻き戻し中。
|
|
2022-12-25(日) セキュリティ設定 [長年日記]
_ HSTS
httpのhttpsへのリダイレクトも含めて、設定完了。Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" ↑httpd-ssl.confにこれと、↓httpd.confの各VirtualHostに ##### for HSTS ##### <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] </IfModule> ####################以降は構成的にhttpsでの接続になるます! ただし、オイラが証明書の更新とかしくじるとhttpsだとエラー、httpではアクセスさせてくれないって状況になるのでそん時はスマソ。
_ CSP
コイツも設定した。↓httpd.confに ----- Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uekusa-com.com https://*.uekusa.com https://*.uekusa.org https://*.uekusa.info https://*.uekusa.jp https://syndication.twitter.com https://www.google.com https://ajax.googleapis.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://cse.google.com https://googlesyndication.com https://www.gstatic.com https://b.st-hatena.com https://www.ipa.go.jp https://platform.twitter.com https://rum-static.pingdom.net https://rcm-fe.amazon-adsystem.com https://embed.nicovideo.jp https://ext.nicovideo.jp; img-src 'self' https://uekusa-com.com https://*.uekusa-com.com https://*.uekusa.com https://*.uekusa.org https://*.uekusa.info https://uekusa.jp https://*.uekusa.jp https://b.st-hatena.com https://maps.googleapis.com https://www.googleapis.com https://www.google.com https://clients1.google.com https://google-analytics.com https://googlesyndication.com https://ajax.googleapis.com https://syndication.twitter.com https://www.ipa.go.jp; default-src 'self' 'unsafe-inline' https://*.uekusa-com.com https://*.uekusa.com https://*.uekusa.org https://*.uekusa.info https://*.uekusa.jp https://syndication.twitter.com https://www.google.com https://www.googleapis.com https://ajax.googleapis.com https://maps.google.co.jp https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://cse.google.com https://googlesyndication.com https://www.gstatic.com https://b.st-hatena.com https://b.hatena.ne.jp https://www.ipa.go.jp https://isec-myjvn-feed1.ipa.go.jp https://platform.twitter.com https://rum-static.pingdom.net https://securityscorecard.com https://rum-collector-2.pingdom.net https://clients1.google.com https://rcm-fe.amazon-adsystem.com https://ws-fe.assoc-amazon.com https://facebook.com https://www.facebook.com https://www.youtube.com https://ext.nicovideo.jp https://embed.nicovideo.jp https://live.nicovideo.jp;" -----な感じ。 Chromeのコンソールでエラー見ながら調整。
Tweets by RC31E | |||||||||
| |||||||||
|