Objective
Every resource served from a web server is associated with a MIME type (also called content-type).
If the declared content type doesn’t match the actual content, it may be possible to execute a style sheet and steal content from another site.
You can prevent this in Internet Explorer or Google Chrome by sending the X-Content-Type-Options header with the value “nosniff”.
Add the X-Content-Type-Options header in Apache to reduce the risk of MIME type attacks.
Solution
Edit your Apache configuration file /etc/apache2/httpd.conf and add the following to your VirtualHost.
# Load the headers module
LoadModule headers_module modules/mod_headers.so
<VirtualHost *:443>
    # Secure MIME Types with X-Content-Type-Options
    Header set X-Content-Type-Options nosniff
</VirtualHost>
Reload Apache
[root@nowherelan]# systemctl reload httpd.service
Go to Geek Flare’s Test Site and test your site. The output will tell you if you have everything correct.
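The same check can be done locally from the shell. This is an added example, not part of the original post: the function names and the sample responses are constructed for illustration, and it assumes curl and awk are installed.

```shell
#!/bin/sh
# Added example: verify X-Content-Type-Options in a block of response headers.

# check_nosniff reads raw response headers on stdin and prints one of:
#   ok | wrong-value | missing
# Header names and the nosniff value are matched case-insensitively. Only the
# first value is evaluated, which is how the Fetch standard reads this header.
check_nosniff() {
  awk '
    { sub(/\r$/, "") }              # tolerate CRLF line endings
    $0 == "" { exit }               # blank line ends the headers; ignore the body
    found { next }                  # only the first occurrence counts
    {
      i = index($0, ":")
      if (i == 0) next              # status line, not a "name: value" pair
      if (tolower(substr($0, 1, i - 1)) != "x-content-type-options") next
      value = tolower(substr($0, i + 1))
      sub(/,.*/, "", value)         # first comma-separated value only
      gsub(/[ \t]/, "", value)
      found = 1
      ok = (value == "nosniff")
    }
    END { print (found ? (ok ? "ok" : "wrong-value") : "missing") }
  '
}

# check_url fetches only the headers of the URL in $1 and checks them.
check_url() { curl -sI "$1" | check_nosniff; }

# Constructed sample responses (not captured from a real server).
sample_good() {
  printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nx-content-type-options: NoSniff\r\n\r\n<html>'
}
sample_missing() {  # header-like text in the body must not count
  printf 'HTTP/1.1 404 Not Found\r\nServer: Apache\r\n\r\nX-Content-Type-Options: nosniff\r\n'
}
sample_wrong() {
  printf 'HTTP/1.1 200 OK\r\nX-Content-Type-Options: no-sniff\r\n\r\n'
}

for s in sample_good sample_missing sample_wrong; do
  printf '%s: %s\n' "$s" "$("$s" | check_nosniff)"
done
```

Run check_url against an error page (for example a 404) as well as a normal page: Header set without the always condition is not applied to Apache's own error responses.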
My System Configuration
- CentOS 7
- Apache 2.4