HTTP Security Header Not Detected

[philbong_borces]

Hello,

After installing the FreeNas Application, we made a Vulnerability Access Scan using Qualys and got a result regarding the result "HTTP Security Header Not Detected". We tried doing simple edits in a configuration file particularly "nginx" but after the restart the configuration is wiped out. Let me know if you need more information.


Thank you,


Philbert

 

[Jailer]

FreeNAS is not meant to be exposed directly to the internet. There is much discussion here on the forum regarding this.

 

[philbong_borces]

FreeNAS is not meant to be exposed directly to the internet. There is much discussion here on the forum regarding this.

Hello Jailer, thanks for your reply. Additional question.

After googling, i found one that we can try to create Jail and create a script to copy the config below to a nginx.conf file. Will that work?

X-Frame-Options: add_header X-Frame-Options SAMEORIGIN;
X-XSS-Protection: add_header X-XSS-Protection "1; mode=block";
X-Content-Type-Options: add_header X-Content-Type-Options nosniff;


Thank you