Commits · f418e8113c64e99362001e1773b5fb37ad5e0c67 · Timothee Gosselin / Haproxy

Apr 01, 2018

JOduMonT authored Apr 01, 2018 and

Pierre Ozoux committed Apr 01, 2018

* hardening SSL + HEADER

+ global option == no-sslv3 no-tls-tickets force-tlsv12
- CAMELIA CIPHER == on the way to be NIST & HIPAA Compliant
+ redirect only if not already SSL

+ Hardening HEADER with:
++ X-Frame-Options:\ SAMEORIGIN # OR DENY is another option
++ X-XSS-Protection
++ X-Content-Type-Options == nosniff
++ Referrer-Policy == no-referrer-when-downgrade

which bring the security headers grade from E to B
tested with https://securityheaders.io

NOTE:
Public-Key-Pins is more or less a DEAD project (https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead)
Content-Security-Policy is tricky to make it GENERAL

* i forget the if

f418e811

Dec 22, 2016
- Adds webhook! · 0a5b216f
  Pierre Ozoux authored Dec 22, 2016
  
  0a5b216f
Dec 14, 2016
- odoo timeout · 897d998e
  Pierre Ozoux authored Dec 14, 2016
  
  897d998e
Nov 26, 2016
- fixes various networks bug · dd9d1369
  Pierre Ozoux authored Nov 26, 2016
  
  dd9d1369
Nov 25, 2016
- rename services · ac22cce2
  Pierre Ozoux authored Nov 25, 2016
  
  ac22cce2
Oct 12, 2016
- Make it compatible with new network system · 6f3ba452
  Pierre Ozoux authored Oct 12, 2016
  
  6f3ba452
- keepalive ftw! · d217b49a
  Pierre Ozoux authored Oct 12, 2016
  
  d217b49a
Aug 06, 2016
- Use VIRTUAL_HOST · 8b6793ef
  Pierre Ozoux authored Aug 06, 2016
  
  8b6793ef
Jan 09, 2016
- Adds compression · 781a993c
  Pierre Ozoux authored Jan 09, 2016
  
  781a993c
Dec 21, 2015
- First commit · b5e70b39
  Pierre Ozoux authored Dec 21, 2015
  
  b5e70b39