diff options
authorPeter Volkov <>2011-10-18 06:17:57 +0000
committerPeter Volkov <>2011-10-18 06:17:57 +0000
commit3ed7d3df802077ac787419e072b297217234b6ef (patch)
parentPatch to fix Reverse Proxy Mode Security Bypass (CVE-2011-3368). (diff)
Update default to better match upstream intentions, thank Steve Dibb for report in bug #387157.
1 files changed, 22 insertions, 2 deletions
diff --git a/2.2/conf/modules.d/00_default_settings.conf b/2.2/conf/modules.d/00_default_settings.conf
index 5dc223b..0fa43b2 100644
--- a/2.2/conf/modules.d/00_default_settings.conf
+++ b/2.2/conf/modules.d/00_default_settings.conf
@@ -68,8 +68,28 @@ HostnameLookups Off
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
-#EnableMMAP off
-#EnableSendfile off
+EnableMMAP On
+EnableSendfile On
+# FileEtag: Configures the file attributes that are used to create
+# the ETag (entity tag) response header field when the document is
+# based on a static file. (The ETag value is used in cache management
+# to save network bandwidth.)
+FileEtag INode MTime Size
+# ContentDigest: This directive enables the generation of Content-MD5
+# headers as defined in RFC1864 respectively RFC2616.
+# The Content-MD5 header provides an end-to-end message integrity
+# check (MIC) of the entity-body. A proxy or client may check this
+# header for detecting accidental modification of the entity-body
+# in transit.
+# Note that this can cause performance problems on your server since
+# the message digest is computed on every request (the values are
+# not cached).
+# Content-MD5 is only sent for documents served by the core, and not
+# by any module. For example, SSI documents, output from CGI scripts,
+# and byte range responses do not have this header.
+ContentDigest Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>