From 7bc2844b9d01269db9af6e4d2a57a7640d0dc826 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 2 May 2016 18:51:02 -0400 Subject: [PATCH] Remove X-Pi-hole header Also adds `X-Frame-Options: DENY` for the admin directory, so that an ad can't load it into a frame --- advanced/lighttpd.conf | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/advanced/lighttpd.conf b/advanced/lighttpd.conf index 124371a9..761f9a24 100644 --- a/advanced/lighttpd.conf +++ b/advanced/lighttpd.conf @@ -46,13 +46,11 @@ include_shell "/usr/share/lighttpd/include-conf-enabled.pl" # If the URL starts with /admin, it is the Web interface $HTTP["url"] =~ "^/admin/" { # Create a response header for debugging using curl -I - setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" ) + setenv.add-response-header = ( "X-Frame-Options" => "DENY" ) } # If the URL does not start with /admin, then it is a query for an ad domain $HTTP["url"] =~ "^(?!/admin)/.*" { - # Create a response header for debugging using curl -I - setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." ) - # rewrite only js requests - url.rewrite = ("(.*).js" => "pihole/index.js") + # rewrite only js requests + url.rewrite = ("(.*).js" => "pihole/index.js") }