ServerAdmin support@vicibox.local ServerName vicibox.local DocumentRoot /srv/www/htdocs ErrorLog /var/log/apache2/error_log CustomLog /var/log/apache2/access_log combined #CustomLog /dev/null combined HostnameLookups Off UseCanonicalName Off ServerSignature Off TraceEnable Off Include /etc/apache2/conf.d/*.conf DirectoryIndex index.html index.php index.htm Require all denied Require ip 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 127.0.0.1 Options Indexes FollowSymLinks AllowOverride None Require all granted ### To force everything to SSL uncomment the following, but make sure SSL works first!!! #RewriteEngine On #RewriteCond %{HTTPS} off #RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L] ### Below is for PCI WebDSS scans, but will likely break ViciDial # # Header always set X-Frame-Options: DENY # Header always set X-XSS-Protection "1; mode=block" # Header always set X-Content-Type-Options: nosniff # Header always set Content-Security-Policy "script-src 'self'; object-src 'self'" # Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" #