What is the best way to add apache directives that turn on and off security features? For example, we normally add things like this:
- FileETag None
- TraceEnable off
- Header unset “X-Powered-By”
- Header unset “Via”
- Header unset “ETag”
to our apache configs. I have been abusing the ssl: yaml tag in my ood_portal.yml file as it seems to get the flags in there appropriately. Is there another tag I should be using? or should I be placing items like that in another config file completely, and not configure it with Open OnDemand?
What directive do you usually put those under? Is it under the entire
VirtualHost or the
Directory or a
Location? If you are overloading the
ssl tag I’m guessing you put these for the entire VirtualHost. You could also overload the
auth directive to embed those settings under the various
LocationMatch blocks that require authentication.
There is an issue for this: Support adding arbitrary Apache directives to sections of ood-portal.conf · Issue #708 · OSC/ondemand · GitHub - if that proposed solution looks like it might work, let us know and we can try and get this into future 2.1 release
Yes i think the solution will work for me