-
Notifications
You must be signed in to change notification settings - Fork 1
/
security.txt.conf
52 lines (41 loc) · 3.63 KB
/
security.txt.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
set $contact ""; set $encryption ""; set $acknowledgements ""; set $preferredlanguages ""; set $canonical ""; set $policy ""; set $hiring "";
################################################################################################
# You can replace ${basehost} with the following: #
# Any domain or subdomain (i.e. example.com or www.example.com) #
# ${host} - Normal, full hostname #
# ${basehost} - Mapped base hostname (i.e. www.example.com turns into example.com) #
# www.${basehost} - Redirects to some other subdomain of ${basehost} #
# #
# ${nospambasehost} - Contact only: Mapped anti-spam base hostname (i.e. example[dot]com) #
################################################################################################
# Contact: A link or e-mail address for people to contact you about security issues. Remember to include "https://" for URLs, and "mailto:" for e-mails.
# Can have more than one (i.e. "Contact: mailto:security@${basehost}\nContact: mailto:admin@${basehost}\n")
set $contact "Contact: mailto:security@${basehost}\n";
#set $contact "Contact: mailto:security[at]${nospambasehost}\n";
# Encryption: A link to a key which security researchers should use to securely talk to you. Remember to include "https://".
# Can have more than one (i.e. "Encryption: https://www.${basehost}/encryption1\nEncryption: https://www.${basehost}/encryption2\n")
set $encryption "Encryption: https://${basehost}/encryption\n";
# Acknowledgements: A link to a web page where you say thank you to security researchers who have helped you. Remember to include "https://".
# Can have more than one (i.e. "Acknowledgments: https://www.example.com/acknowledgements\nAcknowledgments: https://www.example.com/contributers\n")
set $acknowledgements "Acknowledgments: https://${basehost}/acknowledgements\n";
# Preferred-Languages: A comma-separated list of language codes that your security team speaks. You may include more than one language.
set $preferredlanguages "Preferred-Languages: en\n";
# Canonical: The most common URL for accessing your security.txt file. It is important to include this if you are digitally signing the security.txt file,
# so that researchers can know for sure that you didn't just steal someone else's file with the same content.
# Can ONLY have one.
set $canonical "Canonical: https://${basehost}/security.txt\n";
# Policy: A link to a policy detailing what security researchers should do when searching for or reporting security issues. Remember to include "https://".
# Can have more than one (i.e. "Policy: https://www.example.com/policy\nPolicy: https://www.example.com/security-policy\n")
set $policy "Policy: https://${basehost}/policy\n";
# Hiring: A link to any security-related job openings in your organisation. Remember to include "https://".
# Can have more than one (i.e. "Hiring: https://www.${basehost}/jobs\nHiring: https://jobs.${basehost}/\n")
set $hiring "Hiring: https://${basehost}/jobs\n";
set $securitytxt "${contact}${securityexpires}${encryption}${acknowledgements}${preferredlanguages}${canonical}${policy}${hiring}";
location /.well-known/security.txt {
add_header Content-Type text/plain;
return 200 $securitytxt;
}
location = /security.txt {
add_header Content-Type text/plain;
return 200 $securitytxt;
}