Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Herbster0815:pihole
pi-hole-web
lighttpd.pi-hole.conf
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File lighttpd.pi-hole.conf of Package pi-hole-web
# Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. # # Lighttpd config for Pi-hole # # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. ############################################################################### # FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. # # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # # # # CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE: # # /etc/lighttpd/external.conf # ############################################################################### server.modules = ( "mod_auth", "mod_access", "mod_accesslog", "mod_expire", "mod_deflate", "mod_redirect", "mod_setenv", "mod_rewrite", "mod_fastcgi" ) mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".css" => "text/css", ".js" => "application/x-javascript", ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg", ".gif" => "image/gif", ".png" => "image/png", ".svg" => "image/svg+xml", # thanks to nikke "" => "application/octet-stream" ) fastcgi.server = ( ".php" => ( "localhost" => ( "bin-path" => "/usr/bin/php-cgi -d session.save_path=/tmp/", "socket" => "/tmp/php-fastcgi.sock", "broken-scriptfilename" => "enable", "max-procs" => 4, "bin-environment" => ( "PHP_FCGI_CHILDREN" => "1" # default value ) ) ) ) server.document-root = "/var/www/html/pihole" server.error-handler-404 = "/pihole/index.php" server.errorlog = "/var/log/lighttpd/error-pihole.log" server.username = "lighttpd" server.groupname = "www" server.port = 80 accesslog.filename = "/var/log/lighttpd/access-pihole.log" accesslog.format = "%{%s}t|%V|%r|%s|%b" # https://redmine.lighttpd.net/boards/2/topics/10202 server.feature-flags += ("server.pcre_jit" => "disable") index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) deflate.cache-dir = "/var/cache/lighttpd/compress/" deflate.mimetypes = ( "application/javascript", "text/css", "text/html", "text/plain" ) # If the URL starts with /admin, it is the Web interface $HTTP["url"] =~ "^/admin/" { # X-Pi-hole is a response header for debugging using curl -I # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >. # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code. # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS). # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains. # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all. setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY", "X-XSS-Protection" => "1; mode=block", "X-Content-Type-Options" => "nosniff", "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';", "X-Permitted-Cross-Domain-Policies" => "none", "Referrer-Policy" => "same-origin" ) } $HTTP["url"] =~ ".ttf$" { # Allow Block Page access to local fonts setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) } # Block . files from being served, such as .git, .github, .gitignore $HTTP["url"] =~ "^/admin/\.(.*)" { url.access-deny = ("") } # allow teleporter and API qr code iframe on settings page $HTTP["url"] =~ "/(teleporter|api_token)\.php$" { $HTTP["referer"] =~ "/admin/settings\.php" { setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) } } # Default expire header expire.url = ( "" => "access plus 0 seconds" )
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor