From 7e10bf6fbab01d530d0b62790fd37f5b13f659c6 Mon Sep 17 00:00:00 2001 From: "Christian P. MOMON" Date: Sun, 31 Oct 2021 11:32:32 +0100 Subject: [PATCH] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'infra/apache.md'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- infra/apache.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/infra/apache.md b/infra/apache.md index b006663..583a7e3 100644 --- a/infra/apache.md +++ b/infra/apache.md @@ -1 +1,51 @@ -# Apache \ No newline at end of file +# Apache + +## Prérequis + +Activer le module `headers` : +``` +a2enmode headers +apachectl configtest +systemctl reload Apache2 +``` + +## Activation de HSTS + +Créer le fichier `/etc/apache2/hsts.conf` : +``` +# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) +Header always set Strict-Transport-Security "max-age=63072000" +``` + +Inclure la configuration HSTS dans la configuration des sites web hébergés : +``` + + […] + Include hsts.conf + […] + +``` + +## Activation de CSP + +Créer le fichier `/etc/apache2/csp.conf` : +``` +Header set Content-Security-Policy "default-src 'self'; frame-ancestors 'self';" +Header set X-Frame-Options "SAMEORIGIN" +``` + +Inclure la configuration HSTS dans la configuration des sites web hébergés : +``` + + […] + Include csp.conf + […] + +``` + +## Vérification Mozilla Observatory + +Mozilla met à disposition un service pour évaluer la configuration d'un site web. Vive recommandation de l'utiliser. + +Exemples : +* https://observatory.mozilla.org/analyze/www.libre-service.eu
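Review bot: the first code block under "Prérequis" will not run as written: `a2enmode headers` should be `a2enmod headers`, and `systemctl reload Apache2` should use the lowercase unit name `apache2`, since systemd unit names are case-sensitive. In the "Activation de CSP" section, the sentence before the `Include csp.conf` block still reads "Inclure la configuration HSTS" and should say CSP. The two lines in `csp.conf` use `Header set` while `hsts.conf` uses `Header always set`; without `always`, mod_headers does not attach the header to error responses, so consider `Header always set Content-Security-Policy ...` and `Header always set X-Frame-Options "SAMEORIGIN"` for consistency. Finally, both "Inclure la configuration" blocks show only `Include ...` between `[…]` markers with no enclosing directive; if a `<VirtualHost>` wrapper was intended, confirm it survives in the rendered Markdown.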