Secure MIME Types with X-Content-Type-Options in Apache

Objective

Every resource served from a web server is associated with MIME type (also called content-type).

There is a possibility to execute style sheet and steal content from another site through content type doesn’t match.

You may prevent this vulnerability in Internet Explorer or Google Chrome by adding “nosniff” in the header.

Add X-Content-Type-Options header in Apache to reduce MIME types attack risk.

Solution

Edit your Apache configuration file/etc/apache2/httpd.conf and add the following to your VirtualHost.

# Load the headers module
LoadModule headers_module modules/mod_headers.so

<VirtualHost *:443>
    # Secure MIME Types with X-Content-Type-Options
    Header set X-Content-Type-Options nosniff
</VirtualHost>

Reload Apache

[root@nowherelan]# systemctl reload httpd.service

Go to Geek Flare’s Test Site and test your site . The output will tell you if you have everything correct.

My System Configuration

  • CentOS 7
  • Apache 2.4

References

Leave a Reply

Your email address will not be published. Required fields are marked *