CJHarms CJHarms
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add ssl cipher THEN-Ciphers | |
| bind ssl cipher THEN-Ciphers -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384 | |
| bind ssl cipher THEN-Ciphers -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256 | |
| bind ssl cipher THEN-Ciphers -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384 | |
| bind ssl cipher THEN-Ciphers -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256 | |
| bind ssl cipher THEN-Ciphers -cipherName TLS1-ECDHE-RSA-AES256-SHA | |
| bind ssl cipher THEN-Ciphers -cipherName TLS1-ECDHE-RSA-AES128-SHA | |
| bind ssl cipher THEN-Ciphers -cipherName TLS1.2-AES256-GCM-SHA384 | |
| bind ssl cipher THEN-Ciphers -cipherName TLS1.2-AES128-GCM-SHA256 |
CJHarms
/ NetScaler-MPX-Legacy.conf
Last active
March 8, 2016 19:05
NetScaler MPX Cipher Group (Legacy)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add ssl cipher THEN-Legacy | |
| bind ssl cipher THEN-Legacy -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384 | |
| bind ssl cipher THEN-Legacy -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256 | |
| bind ssl cipher THEN-Legacy -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384 | |
| bind ssl cipher THEN-Legacy -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256 | |
| bind ssl cipher THEN-Legacy -cipherName TLS1-ECDHE-RSA-AES256-SHA | |
| bind ssl cipher THEN-Legacy -cipherName TLS1-ECDHE-RSA-AES128-SHA | |
| bind ssl cipher THEN-Legacy -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384 | |
| bind ssl cipher THEN-Legacy -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add ssl cipher THEN-VPX | |
| bind ssl cipher THEN-VPX -cipherName TLS1-ECDHE-RSA-AES256-SHA | |
| bind ssl cipher THEN-VPX -cipherName TLS1-ECDHE-RSA-AES128-SHA | |
| bind ssl cipher THEN-VPX -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA | |
| bind ssl cipher THEN-VPX -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA | |
| bind ssl cipher THEN-VPX -cipherName TLS1.2-AES-256-SHA256 | |
| bind ssl cipher THEN-VPX -cipherName TLS1.2-AES-128-SHA256 | |
| bind ssl cipher THEN-VPX -cipherName TLS1-AES-256-CBC-SHA | |
| bind ssl cipher THEN-VPX -cipherName TLS1-AES-128-CBC-SHA |
CJHarms
/ NetScaler-VPX-Legacy.conf
Last active
March 8, 2016 19:05
NetScaler VPX Cipher Group (Legacy)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add ssl cipher THEN-VPXLegacy | |
| bind ssl cipher THEN-VPXLegacy -cipherName TLS1-ECDHE-RSA-AES256-SHA | |
| bind ssl cipher THEN-VPXLegacy -cipherName TLS1-ECDHE-RSA-AES128-SHA | |
| bind ssl cipher THEN-VPXLegacy -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA | |
| bind ssl cipher THEN-VPXLegacy -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA | |
| bind ssl cipher THEN-VPXLegacy -cipherName TLS1.2-AES-256-SHA256 | |
| bind ssl cipher THEN-VPXLegacy -cipherName TLS1.2-AES-128-SHA256 | |
| bind ssl cipher THEN-VPXLegacy -cipherName TLS1-AES-256-CBC-SHA | |
| bind ssl cipher THEN-VPXLegacy -cipherName TLS1-AES-128-CBC-SHA |
CJHarms
/ NetScaler-HPKP-ReportOnly.conf
Created
March 8, 2016 18:48
NetScaler HPKP Header (ReportOnly)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add rewrite action rw_act_insert_HPKP_header_reportonly insert_http_header Public-Key-Pins-Report-Only q{"pin-sha256=\"YVVIpxLZnjlsfta2U7MPwvUp56oSVYlV/JNHtwhRDgI=\"; pin-sha256=\"6X0iNAQtPIjXKEVcqZBwyMcRwq1yW60549axatu3oDE=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; max-age=600; includeSubDomains; report-uri=\"https://report-uri.io/report/URL/reportonly\""} | |
| add rewrite policy rw_pol_enable_HPKP_Reporting TRUE rw_act_insert_HPKP_header_reportonly |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add rewrite action rw_act_insert_HPKP_header insert_http_header Public-Key-Pins q{"pin-sha256=\"YVVIpxLZnjlsfta2U7MPwvUp56oSVYlV/JNHtwhRDgI=\"; pin-sha256=\"6X0iNAQtPIjXKEVcqZBwyMcRwq1yW60549axatu3oDE=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; max-age=60; includeSubDomains; report-uri=\"https://report-uri.io/report/URL\""} | |
| add rewrite policy rw_pol_enforce_HPKP TRUE rw_act_insert_HPKP_header |
CJHarms
/ NetScaler-CSP-ReportOnly.conf
Created
March 8, 2016 18:53
NetScaler CSP Header (ReportOnly)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add rewrite action rw_act_insert_CSP_header_reportonly insert_http_header Content-Security-Policy-Report-Only "\"default-src \'self\' \'unsafe-inline\' \'unsafe-eval\' ; img-src \'self\' data ; connect-src \'self\' wss ; report-uri https://report-uri.io/report/URL/reportonly\"" | |
| add rewrite policy rw_pol_enforce_CSP_Reporting TRUE rw_act_insert_CSP_header_reportonly |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add rewrite action rw_act_insert_CSP_header insert_http_header Content-Security-Policy "\"default-src \'self\' ; img-src \'self\' \'data\' ; connect-src \'self\' \'wss\' ; report-uri https://report-uri.io/report/URL;\"" | |
| add rewrite policy rw_pol_enforce_CSP TRUE rw_act_insert_CSP_header |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add rewrite action rw_act_insert_HSTS_header insert_http_header Strict-Transport-Security "\"max-age=157680000; includeSubDomains; preload\"" | |
| add rewrite policy rw_pol_enforce_HSTS TRUE rw_act_insert_HSTS_header |
CJHarms
/ NetScaler-XContent.conf
Created
March 8, 2016 18:58
NetScaler X-Content-Type-Options Header
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add rewrite action rw_act_insert_XContent_header insert_http_header X-Content-Type-Options "\"nosniff\"" | |
| add rewrite policy rw_pol_enforce_XContent TRUE rw_act_insert_XContent_header |
OlderNewer