ServerAdmin support@vicibox.local ServerName vicibox.local DocumentRoot /srv/www/htdocs ErrorLog /var/log/apache2/error_log CustomLog /var/log/apache2/access_log combined #CustomLog /dev/null combined HostnameLookups Off UseCanonicalName Off ServerSignature Off TraceEnable Off Include /etc/apache2/conf.d/*.conf DirectoryIndex index.html index.php index.htm SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/vicibox.crt #SSLCACertificateFile /etc/apache2/ssl.crt/CAchain.crt SSLCertificateKeyFile /etc/apache2/ssl.key/vicibox.key SSLOptions +StdEnvVars BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 Require all denied Require ip 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 127.0.0.1 Options Indexes FollowSymLinks AllowOverride None Require all granted ### Below is for PCI WebDSS scans, but will likely break ViciDial # # Header always set X-Frame-Options: DENY # Header always set X-XSS-Protection "1; mode=block" # Header always set X-Content-Type-Options: nosniff # Header always set Content-Security-Policy "script-src 'self'; object-src 'self'" # Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" #