赞
踩
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <security> <requestFiltering> <requestLimits> <headerLimits> <!--检测到目标主机可能存在缓慢的HTTP拒绝服务攻击--> <add header="Content-type" sizeLimit="100" /> </headerLimits> </requestLimits> </requestFiltering> </security> <httpProtocol> <customHeaders> <!--检测到目标X-Content-Type-Options响应头缺失--> <add name="X-Content-Type-Options" value="nosniff" /> <!--检测到目标X-XSS-Protection响应头缺失--> <add name="X-XSS-Protection" value="1" /> <!--检测到目标Content-Security-Policy响应头缺失--> <!-- <add name="Content-Security-Policy" value="default-src 'self'" /> --> <!--检测到目标Strict-Transport-Security响应头缺失--> <add name="Strict-Transport-Security" value="max-age=31536000" /> <!--检测到目标Referrer-Policy响应头缺失--> <add name="Referrer-Policy" value="origin-when-cross-origin" /> <!--检测到目标X-Permitted-Cross-Domain-Policies响应头缺失--> <add name="X-Permitted-Cross-Domain-Policies" value="master-only" /> <!--检测到目标X-Download-Options响应头缺失--> <add name="X-Download-Options" value="noopen" /> <!--点击劫持:X-Frame-Options未配置--> <add name="X-Frame-Options" value="deny" /> </customHeaders> </httpProtocol> </system.webServer> <!-- <system.applicationHost> --> <!--检测到目标主机可能存在缓慢的HTTP拒绝服务攻击--> <!-- <webLimits connectionTimeout="00:00:30" headerWaitTimeout="00:00:10" dynamicIdleThreshold="150" minBytesPerSecond="512" /> --> <!-- </system.applicationHost> --> </configuration>
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。