guilieb.httpd

ansible-role-httpd: Installing the HTTPd Server

This Ansible role installs the Apache HTTP Server (HTTPd) on RHEL/CentOS systems.

Role Variables

mod_headers

  • httpd_headers_xss_protection: "1; mode=block": Sets the X-XSS-Protection header for cross-site scripting protection.
  • httpd_headers_x_content_type_options: "nosniff": Sets the X-Content-Type-Options header to prevent MIME type sniffing.
  • httpd_headers_referer_policy: "strict-origin": Sets the Referrer-Policy header to control referrer information.
  • httpd_headers_csp: "": Sets the Content-Security-Policy header. This is unset by default.
  • httpd_headers_xframe_options: "SAMEORIGIN": Sets the X-Frame-Options header to prevent clickjacking.
  • httpd_headers_feature_policy: "": Sets the Feature-Policy header. This is unset by default.
  • httpd_headers_hsts: "max-age=15552001; includeSubDomains;": Sets the Strict-Transport-Security (HSTS) header, which tells browsers to connect to the site only over HTTPS.

mod_ssl

  • httpd_ssl_cipher_order: "on": Enables the SSLHonorCipherOrder option so that the server's cipher preference order is used instead of the client's.
  • httpd_ssl_protocol: Sets the SSLProtocol directive, which determines which SSL/TLS protocol versions are accepted.
  • httpd_ssl_cipher_suite: Sets the SSLCipherSuite directive, which configures the cipher suites offered for SSL/TLS.
  • httpd_ssl_compression: "off": Disables the SSLCompression option to prevent CRIME attacks.
  • httpd_ssl_session_tickets: "off": Disables the SSLSessionTickets option so the server does not issue TLS session tickets, whose long-lived ticket keys can weaken forward secrecy.

Refer to the Apache HTTPd documentation on SSL/TLS encryption and to the Mozilla SSL Configuration Generator when choosing these values.

mod_security

  • httpd_security_server_tokens: "Prod": Sets the ServerTokens option to limit the information sent about the server.
  • httpd_security_signature: "Off": Disables the ServerSignature option to hide server version details.
  • httpd_security_secserver_signature: "": Sets the SecServerSignature within the security2_module.
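
One way to check a deployed host against the defaults listed above is to audit its response headers. This is an added example, not part of the role; the function names and both sample responses are constructed for illustration.

```python
import re

# Defaults as listed in this README; "" means the role leaves the header unset.
ROLE_DEFAULTS = {
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin",
    "Content-Security-Policy": "",
    "X-Frame-Options": "SAMEORIGIN",
    "Feature-Policy": "",
    "Strict-Transport-Security": "max-age=15552001; includeSubDomains;",
}

def parse_headers(raw):
    """Map lower-cased header names to values; the status line has no colon and is skipped."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers

def directives(value):
    """Split on ';' so case, spacing and a trailing ';' do not cause false mismatches."""
    return {d.strip().lower() for d in value.split(";") if d.strip()}

def audit(raw, expected=ROLE_DEFAULTS):
    """Return findings for a raw response header block; an empty list means it matches."""
    got = parse_headers(raw)
    findings = []
    for name, want in expected.items():
        if not want:
            continue  # unset in the role, nothing to compare
        have = got.get(name.lower())
        if have is None:
            findings.append(f"missing: {name}")
        elif directives(have) != directives(want):
            findings.append(f"mismatch: {name} = {have!r}")
    # ServerTokens Prod reduces the Server header to the product name only.
    if re.search(r"\d", got.get("server", "")):
        findings.append(f"version disclosed: Server = {got['server']!r}")
    return findings

# Constructed sample responses (not captured from a real host).
SAMPLE_HARDENED = """HTTP/1.1 200 OK\nServer: Apache\nx-xss-protection: 1; mode=block
X-Content-Type-Options: nosniff\nReferrer-Policy: strict-origin
X-Frame-Options: SAMEORIGIN\nStrict-Transport-Security: max-age=15552001; includeSubDomains\n"""
SAMPLE_WEAK = """HTTP/1.1 200 OK\nServer: Apache/2.4.6 (CentOS)\nX-Content-Type-Options: nosniff
X-Frame-Options: DENY\nStrict-Transport-Security: max-age=300\n"""
```

Pass `audit()` the header block saved from `curl -sI` against the HTTPS virtual host, and supply your own `expected` dict if you override any of the role variables.
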

About the project

Install the HTTPd server on CentOS and apply some security hardening.

Install
ansible-galaxy install guilieb.httpd
License
gpl-3.0
Owner
Software Engineer & Data Scientist @ MAIF