Channel: phpBB.com

phpBB Discussion • Re: Adding More Security To phpbb Website

Thanks everyone for your input. Yeah, it's possible that some of you may have already made these changes before, or maybe your host has an auto config when you start your hosting that covers some of these.

For my normal custom websites (not phpbb) I usually use the following in my header files

Code:

    // prevent clickjacking
    header('X-Frame-Options: SAMEORIGIN');

    // in the same php file, in the session section, I do this
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_samesite', 'Strict');
    ini_set('session.cookie_httponly', '1');

Then in htaccess I have this

Code:

    Options -Indexes
    Options +FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_negotiation.c>
      Options -MultiViews
    </IfModule>

    # for better security
    ServerSignature Off

    # set strict transport security
    # env=HTTPS is a condition on the Header directive, so it goes after the quoted value
    <IfModule mod_headers.c>
      <FilesMatch "\.(php|js)$">
        Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" env=HTTPS
      </FilesMatch>
    </IfModule>

But I ask because I was not aware of the downside regarding phpbb of adding these, especially when that site recommended them, and of course where to put them that would not break phpbb, and I did not want to edit a file if I could do so via the ACP.

To answer a question, I ran across that site because I was originally trying to find a good link and image viewer that was not on my own server. One of my sites is a service related site which accepts images and links from users of our software. In order to help protect my server in the case of malicious links or things that are not safe for work that people post, I thought I might have a little more security if all links were opened on another server.

There are companies out there that have servers for just this purpose. I don't know the technical name of the type of business or what they are called professionally. They also have APIs that you can add to your site so that you have a direct ability with a click to view a link on their server, and they will scan it first before it opens. I thought that was a good idea. I was shopping around for one of those sites when I found the site I linked to above. :) So not to change the topic, but if anyone happens to know one of those sites that is a good one, please let me know.

Again, I really appreciate the feedback and replies here :)

Statistics: Posted by durangod — Sat Jul 27, 2024 12:01 pm
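
A way to confirm that settings like the ones in this post actually reach the browser, as an added example that is not part of the original post or of phpBB: it audits a raw response head for X-Frame-Options, a well-formed Strict-Transport-Security value, and session cookie flags. The function names and both sample responses are constructed for illustration.

```python
# Added example (hypothetical helper names): audit a raw HTTP response head.
HSTS_KNOWN = {"max-age", "includesubdomains", "preload"}

def parse_head(raw):
    """Return (lowercased name, value) pairs, skipping the status line."""
    lines = raw.strip().splitlines()[1:]
    parts = (line.partition(":") for line in lines)
    return [(n.strip().lower(), v.strip()) for n, sep, v in parts if sep]

def audit(raw, https=True):
    """Return a list of findings; an empty list means every check passed."""
    headers, findings = parse_head(raw), []
    xfo = [v.upper() for n, v in headers if n == "x-frame-options"]
    if not any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("X-Frame-Options missing or invalid")
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if https and not hsts:
        findings.append("HSTS missing on HTTPS response")
    for value in hsts:
        names = {d.split("=")[0].strip().lower() for d in value.split(";") if d.strip()}
        if "max-age" not in names:
            findings.append("HSTS has no max-age")
        for extra in sorted(names - HSTS_KNOWN):
            findings.append(f"HSTS unknown directive '{extra}'")
    for cookie_header in [v for n, v in headers if n == "set-cookie"]:
        cookie, _, rest = cookie_header.partition(";")
        pairs = (a.strip().partition("=") for a in rest.split(";"))
        attrs = {k.lower(): val.lower() for k, _, val in pairs}
        label = cookie.split("=")[0].strip()
        if "httponly" not in attrs:
            findings.append(f"cookie {label}: no HttpOnly")
        if attrs.get("samesite") not in ("strict", "lax"):
            findings.append(f"cookie {label}: SameSite not Strict/Lax")
        if https and "secure" not in attrs:
            findings.append(f"cookie {label}: no Secure flag")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLE_WEAK = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; env=HTTPS; includeSubDomains; preload;
Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly; SameSite=Strict
"""
SAMPLE_GOOD = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly; SameSite=Strict
"""
if __name__ == "__main__":
    print(audit(SAMPLE_WEAK))
```

To audit a live site, save the response head (for example the output of `curl -sI`) to a file and pass its contents to `audit()`.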


