storage normalization, security middlewares
41
deploy/infra/middlewares.yaml
Normal file
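--- /dev/null
+++ b/deploy/infra/middlewares.yaml
@@ -0,0 +1,41 @@
+# Strip Authorization header for WebDAV so Authentik doesn't try to interpret Basic Auth
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: webdav-strip-auth
+spec:
+headers:
+customRequestHeaders:
+Authorization: ""
+
+---
+# Rate limit to protect from brute force / bots
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: rate-limit
+spec:
+rateLimit:
+average: 50
+burst: 100
+
+---
+# Optional: security headers for UI
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: security-headers
+spec:
+headers:
+stsSeconds: 31536000
+stsIncludeSubdomains: true
+stsPreload: true
+browserXssFilter: true
+contentTypeNosniff: true
+frameDeny: true
+referrerPolicy: "no-referrer"
+customResponseHeaders:
+X-Content-Type-Options: "nosniff"
+X-Frame-Options: "DENY"
+X-XSS-Protection: "1; mode=block"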
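Review bot: The `rate-limit` middleware is commented as brute-force protection, but `average: 50` with `burst: 100` and no `period` allows roughly 50 requests per second per source (Traefik's default period is one second), which does little to slow credential guessing. Consider keeping it as a general flood guard and adding a separate, tighter Middleware for the login and WebDAV routes, for example `average: 10`, `period: 1m`, `burst: 20` (illustrative values to tune). No `sourceCriterion` is set, so the limit keys on the connection's remote address; if Traefik sits behind another proxy or load balancer, all clients would share one bucket unless `sourceCriterion.ipStrategy.depth` matches the trusted hop count. Separately, in `security-headers` the `customResponseHeaders` entries repeat what `contentTypeNosniff`, `frameDeny` and `browserXssFilter` already emit, and `X-XSS-Protection: "1; mode=block"` is a legacy header that current browser guidance recommends dropping. The page renders the YAML without indentation, so the nesting is assumed from the key names.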