What is the best way to add apache directives that turn on and off security features? For example, we normally add things like this:
FileETag None
TraceEnable off
Header unset “X-Powered-By”
Header unset “Via”
Header unset “ETag”
to our apache configs. I have been abusing the ssl: yaml tag in my ood_portal.yml file as it seems to get the flags in there appropriately. Is there another tag I should be using? or should I be placing items like that in another config file completely, and not configure it with Open OnDemand?
What directive do you usually put those under? Is it under the entire VirtualHost or the Directory or a Location? If you are overloading the ssl tag I’m guessing you put these for the entire VirtualHost. You could also overload the auth directive to embed those settings under the various Location and LocationMatch blocks that require authentication.