.: security.txt
This website now also serves a security.txt file, which is a standardized way of making security contact information available. (Wikipedia)
The file is available in two locations: /security.txt (the classic location) and /.well-known/security.txt (the standard location following RFC 8615).
To easily add the file on all my domains, I'm using the following nginx config snippet.
# Exact-match locations, so only these two paths are answered.
location = /security.txt {
    # "return" takes its Content-Type from default_type; add_header would send a second Content-Type header.
    default_type text/plain;
    add_header Cache-Control 'no-cache, no-store, must-revalidate';
    add_header Pragma 'no-cache';
    add_header Expires '0';
    add_header Vary '*';
    # The Expires field uses the RFC 3339 timestamp form required by RFC 9116.
    return 200 "Contact: mailto:andreas+security.txt@jaggi.info\nExpires: 2038-01-19T03:14:07Z\nEncryption: http://andreas-jaggi.ch/A3A54203.asc\n";
}
location = /.well-known/security.txt {
    default_type text/plain;
    add_header Cache-Control 'no-cache, no-store, must-revalidate';
    add_header Pragma 'no-cache';
    add_header Expires '0';
    add_header Vary '*';
    return 200 "Contact: mailto:andreas+security.txt@jaggi.info\nExpires: 2038-01-19T03:14:07Z\nEncryption: http://andreas-jaggi.ch/A3A54203.asc\n";
}
This snippet is stored in a dedicated file (/etc/nginx/conf_includes/securitytxt) and is included in the various server config blocks like this:
server {
    server_name example.com;
    include /etc/nginx/conf_includes/securitytxt;
    location / {
        # rest of website
    }
}
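As an added example (not part of the original post's configuration), here is a small Python check for a security.txt body such as the one the snippet returns. It tests the RFC 9116 rules that Contact is present, that Expires appears exactly once as an RFC 3339 timestamp still in the future, and that web URIs use https. The function names and the example.com sample bodies are constructed for illustration.

```python
from datetime import datetime, timezone

def parse_fields(body):
    """Map lowercase field name -> list of values; skips blank and '#' lines."""
    fields = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'Name: value' line: {line!r}")
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check(body, now=None):
    """Return a list of problems found in a security.txt body (empty = ok)."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(body)
    problems = []
    if "contact" not in fields:
        problems.append("missing Contact")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        except ValueError:
            when = None
        if when is None or when.tzinfo is None:
            problems.append("Expires is not an RFC 3339 timestamp")
        elif when <= now:
            problems.append("Expires is in the past")
    for name in ("contact", "encryption"):
        for uri in fields.get(name, []):
            if uri.lower().startswith("http://"):
                problems.append(f"{name} uses http://: {uri}")
    return problems

# Constructed sample bodies (example.com values are placeholders).
GOOD = ("Contact: mailto:security@example.com\n"
        "Expires: 2030-01-01T00:00:00Z\n"
        "Encryption: https://example.com/key.asc\n")
BAD = ("Expires: Tue, 01 Jan 2030 00:00:00 +0000\n"
       "Encryption: http://example.com/key.asc\n")

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD)):
        print(label, check(body))
```

To check a live site, pass the response body fetched from /.well-known/security.txt to check().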