Update Cloudflare info
parent
fed99a980c
commit
901872a10b
|
@ -51,21 +51,27 @@ If you prefer, you can also directly specify a value instead of substituting an
|
|||
|
||||
# Uncomment to improve security (WARNING: only use if you understand the implications!)
|
||||
# If you want to use FIDO2 WebAuthn, set X-Frame-Options to "SAMEORIGIN" or the Browser will block those requests
|
||||
# header {
|
||||
# # Enable HTTP Strict Transport Security (HSTS)
|
||||
# Strict-Transport-Security "max-age=31536000;"
|
||||
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
# X-XSS-Protection "1; mode=block"
|
||||
# # Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
# X-Frame-Options "SAMEORIGIN"
|
||||
# # Prevent search engines from indexing (optional)
|
||||
# X-Robots-Tag "none"
|
||||
# # Server name removing
|
||||
# -Server
|
||||
# header / {
|
||||
# # Enable HTTP Strict Transport Security (HSTS)
|
||||
# Strict-Transport-Security "max-age=31536000;"
|
||||
# # Disable cross-site filter (XSS)
|
||||
# X-XSS-Protection "0"
|
||||
# # Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
# X-Frame-Options "DENY"
|
||||
# # Prevent search engines from indexing (optional)
|
||||
# X-Robots-Tag "noindex, nofollow"
|
||||
# # Disallow sniffing of X-Content-Type-Options
|
||||
# X-Content-Type-Options "nosniff"
|
||||
# # Server name removing
|
||||
# -Server
|
||||
# # Remove X-Powered-By though this shouldn't be an issue, better opsec to remove
|
||||
# -X-Powered-By
|
||||
# # Remove Last-Modified because etag is the same and is as effective
|
||||
# -Last-Modified
|
||||
# }
|
||||
|
||||
# Uncomment to allow access to the admin interface only from local networks
|
||||
# import admin_redir
|
||||
# import admin_redir
|
||||
|
||||
# Proxy everything to Rocket
|
||||
# if located at a sub-path the reverse_proxy line will look like:
|
||||
|
@ -74,6 +80,9 @@ If you prefer, you can also directly specify a value instead of substituting an
|
|||
# Send the true remote IP to Rocket, so that Vaultwarden can put this in the
|
||||
# log, so that fail2ban can ban the correct IP.
|
||||
header_up X-Real-IP {remote_host}
|
||||
# If you use Cloudlfare proxying, replace remote_host with http.request.header.Cf-Connecting-Ip
|
||||
# See https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/
|
||||
# and https://caddy.community/t/forward-auth-copy-headers-value-not-replaced/16998/4
|
||||
}
|
||||
}
|
||||
```
|
||||
|
|
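Review bot: The added Cloudflare comment after `header_up X-Real-IP {remote_host}` suggests forwarding `Cf-Connecting-Ip` as the client IP without saying that the header is only trustworthy when the origin accepts connections solely from Cloudflare's address ranges. If the server is also reachable directly, the client can supply the header itself, so the address written to the Vaultwarden log, and therefore the one fail2ban bans, is client-controlled. I would add a line such as `# Only do this if the server accepts traffic solely from Cloudflare's IP ranges; otherwise the client can forge this header.` and fix the spelling "Cloudlfare". Separately, in the first hunk the longer header block, which appears to be the new side, opens with `header / {`; in Caddy v2 a path matcher without a wildcard matches exactly, so once uncommented these headers would be sent only for the root path, whereas `header {` or `header /* {` applies them site-wide. The comment `# Disallow sniffing of X-Content-Type-Options` would also read more accurately as `# Prevent MIME type sniffing`.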