mirror of
https://github.com/pi-hole/pi-hole.git
synced 2024-11-15 02:42:58 +00:00
76 lines
3.6 KiB
Text
76 lines
3.6 KiB
Text
|
# Pi-hole: A black hole for Internet advertisements
|
|||
|
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
|||
|
# Network-wide ad blocking via your own hardware.
|
|||
|
#
|
|||
|
# Lighttpd config for Pi-hole
|
|||
|
#
|
|||
|
# This file is copyright under the latest version of the EUPL.
|
|||
|
# Please see LICENSE file for your rights under this license.
|
|||
|
|
|||
|
###############################################################################
|
|||
|
# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
|
|||
|
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
|
|||
|
###############################################################################
|
|||
|
|
|||
|
$HTTP["url"] =~ "^/admin/" {
|
|||
|
server.document-root = "/var/www/html"
|
|||
|
server.stream-response-body = 1
|
|||
|
fastcgi.server = (
|
|||
|
".php" => (
|
|||
|
"localhost" => (
|
|||
|
"socket" => "/tmp/pihole-php-fastcgi.socket",
|
|||
|
"bin-path" => "/usr/bin/php-cgi",
|
|||
|
"min-procs" => 0,
|
|||
|
"max-procs" => 1,
|
|||
|
)
|
|||
|
)
|
|||
|
)
|
|||
|
|
|||
|
# X-Pi-hole is a response header for debugging using curl -I
|
|||
|
# X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
|
|||
|
# X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
|
|||
|
# X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
|
|||
|
# Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
|
|||
|
# X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
|
|||
|
# Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
|
|||
|
setenv.add-response-header = (
|
|||
|
"X-Pi-hole" => "The Pi-hole Web interface is working!",
|
|||
|
"X-Frame-Options" => "DENY",
|
|||
|
"X-XSS-Protection" => "0",
|
|||
|
"X-Content-Type-Options" => "nosniff",
|
|||
|
"Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
|
|||
|
"X-Permitted-Cross-Domain-Policies" => "none",
|
|||
|
"Referrer-Policy" => "same-origin"
|
|||
|
)
|
|||
|
|
|||
|
# Block . files from being served, such as .git, .github, .gitignore
|
|||
|
$HTTP["url"] =~ "^/admin/\." {
|
|||
|
url.access-deny = ("")
|
|||
|
}
|
|||
|
|
|||
|
# allow teleporter and API qr code iframe on settings page
|
|||
|
$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
|
|||
|
$HTTP["referer"] =~ "/admin/settings\.php" {
|
|||
|
setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
else $HTTP["url"] == "/admin" {
|
|||
|
url.redirect = ("" => "/admin/")
|
|||
|
}
|
|||
|
|
|||
|
$HTTP["host"] == "pi.hole" {
|
|||
|
$HTTP["url"] == "/" {
|
|||
|
url.redirect = ("" => "/admin/")
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
# (safe to enable after pihole ceases to support Debian 10 (Buster))
|
|||
|
# (For lighttpd 1.4.56+ which ignores duplicated server.modules entries)
|
|||
|
#server.modules += (
|
|||
|
# "mod_access",
|
|||
|
# "mod_redirect",
|
|||
|
# "mod_fastcgi",
|
|||
|
# "mod_setenv",
|
|||
|
#)
|