How to allow multiple origin domains for Access-Control-Allow-Origin
Purpose of this document You want to allow multiple origins for CORS (Cross-Origin Resource Sharing). Setting SetEnvIf Origin [...]
Apache PHP security
Summarize the setting for security for apache /etc/httpd.conf ServerSignature Off ServerTokens Prod /etc/php.ini expose_php = off
How to get actual user’s IP behind ELB in REMOTE_ADDR
yes | yum install httpd24-devel; git clone; cd mod_extract_forwarded_for_2.4; apxs -c -i [...]
How to force HTTPS behind ELB
RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker RewriteCond %{REMOTE_ADDR} !^10\. [...]