• Hi all,

    How modify nginx config in /user/local/etc/ngnix

    for this adding :

    add_header X-XSS-Protection "1; mode=block";
     add_header Expect-CT "enforce, max-age=300, report-uri='https://.fr/'"; server_tokens off;
    

    Same issues for this files :

    /var/etc/nginx-webConfigurator.conf

     server {
                listen 443 ssl http2;
                listen [::]:443 ssl http2;
    
                ssl_certificate         /var/etc/cert.crt;
                ssl_certificate_key     /var/etc/cert.key;
                ssl_session_timeout     10m;
                keepalive_timeout       70;
                ssl_session_cache       shared:SSL:10m;
                ssl_protocols   TLSv1.2 TLSv1.3;
                ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
                ssl_prefer_server_ciphers       on;
                add_header Strict-Transport-Security "max-age=31536000";
                add_header X-Content-Type-Options nosniff;
                ssl_session_tickets off;
                ssl_dhparam /etc/dh-parameters.4096;
    

    Config is keep in the file config, but never updated after Webconfigurator restart.

    If i try to modify in another modules the modify is deleted during restart of WebConfigurator.

    Any idea ?

    PS : kali linux scan (nikto) :

    c4233347-7140-4113-a39d-e5870df23a68-image.png

    Thanks.