Basic hardening

webmails/nginx-webmail.conf

@@ -16,6 +16,11 @@ server {
 
     # set maximum body size to configured limit
     client_max_body_size {{ MESSAGE_SIZE_LIMIT|int + 8388608 }};
+    fastcgi_hide_header X-Powered-By;
+    add_header X-Download-Options "noopen" always;
+    add_header X-Robots-Tag "none" always;
+    add_header X-Permitted-Cross-Domain-Policies "none" always;
+    add_header Referrer-Policy "no-referrer" always;
 
     location / {
         try_files $uri $uri/ /index.php$args;
@@ -42,10 +47,14 @@ server {
         {% endif %}
     }
 
-    location ~ /\. {
+    location ~ (^|/)\. {
         deny all;
     }
 
+    location ~* ^/(config|temp|logs) {
+       deny all;
+    }
+
     location ^~ /data {
        deny all;
     }