4 Apr 2018
What is security.txt?
Well basically when someone (security researcher) found a bug or vulnerability on your web application, this piece of text helps where to contact your security team, or proper way to report to.
Here you can find everything about what I am talking about if I don't make sense. Please check out and generate your security.txt, come back here and follow steps below to put on your web server.
Note: For non Nginx user
Steps I shown here are to apply to Nginx webserver since I like Nginx and use Nginx a lot. If you're using other than Nginx, (such as Apache) your configuration might liking and similar. Try looking at your web server documentation for syntax and configuration.
Lets get started!
I assume you already have your security.txt by make one or generate from the website. Edit the information to your liking and policies. Security.txt is placed on your web root.
Place security.txt in web root, such /var/www/myweb/.security.txt. In your /etc/nginx/sites-enabled/{your-site}.conf, add this in server block. The code itself self explanatory, which redirect a request URI '/security.txt' to '/.well-known/security.txt'. The content of security.txt itself given as alias to security.txt in your web root.
## security.txt implementation ##
location /security.txt {
return 301 http://$host/.well-known/security.txt;
}
location = /.well-known/security.txt {
alias /var/www/ghost/.security.txt;
}
When user navigate to https://myweb.com/security.txt it will be redirected 301 to https://myweb.com/.well-known/security.txt while the file itself is actualy in your web root. And of course, the user can also look for security.txt in uri /.well-known/security.txt.
If you have other better solutions or suggestion, please comment below!
Security Txt:
https://securitytxt.org/
https://github.com/securitytxt/security-txt/blob/master/draft-foudil-securitytxt.md
'%3E%3Cg id='Group'%3E%3Cg id='Combined Shape'%3E%3Cuse xlink:href='%23path0_fill' transform='translate(5201.49 697.468)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Logo'%3E%3Cg id='Fill 1'%3E%3Cuse xlink:href='%23path1_fill' transform='translate(5188.19 700.863)' fill='%23FF9100'/%3E%3C/g%3E%3Cg id='Fill 2'%3E%3Cuse xlink:href='%23path2_fill' transform='translate(5188.19 700.863)' fill='%23FFDD00'/%3E%3C/g%3E%3Cg id='Fill 3'%3E%3Cuse xlink:href='%23path3_fill' transform='translate(5186.75 699.413)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Stroke 4'%3E%3Cuse xlink:href='%23path4_stroke' transform='translate(5186.75 699.413)'/%3E%3C/g%3E%3Cg id='Fill 6'%3E%3Cuse xlink:href='%23path5_fill' transform='translate(5188.24 697.056)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Group 11'%3E%3Cg id='Stroke 7'%3E%3Cuse xlink:href='%23path6_stroke' transform='translate(5188.24 697.056)' fill='%23050505'/%3E%3C/g%3E%3Cg id='Stroke 9'%3E%3Cuse xlink:href='%23path7_stroke' transform='translate(5187.29 700.863)'/%3E%3C/g%3E%3C/g%3E%3Cg id='Fill 12'%3E%3Cuse xlink:href='%23path8_fill' transform='translate(5187.07 705.304)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Stroke 13'%3E%3Cuse xlink:href='%23path9_stroke' transform='translate(5187.07 705.304)'/%3E%3C/g%3E%3C/g%3E%3Cg id='Oval' opacity='0.2'%3E%3Cmask id='mask0_outline_ins'%3E%3Cuse xlink:href='%23path10_fill' fill='white' transform='translate(5180.65 701.166)'/%3E%3C/mask%3E%3Cg mask='url(%23mask0_outline_ins)'%3E%3Cuse xlink:href='%23path11_stroke_2x' transform='translate(5180.65 701.166)' fill='%23FFFFFF'/%3E%3C/g%3E%3C/g%3E%3Cg id='Oval' opacity='0.2'%3E%3Cuse xlink:href='%23path12_fill' transform='translate(5200.84 707.692)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Oval'%3E%3Cuse xlink:href='%23path12_fill' transform='translate(5184.56 712.696)' fill='%23FFFFFF'/%3E%3C/g%3E%3C/g%3E%3C/g%3E%3Cdefs%3E%3Cpath id='path0_fill' fill-rule='evenodd' d='M 1.11914 0.172241C 1.02246 0.272827 0.962891 0.409363 0.962891 0.559753L 0.962891 0.962952L 0.55957 0.962952C 0.250488 0.962952 0 1.21356 0 1.52277C 0 1.83191 0.250488 2.08252 0.55957 2.08252L 0.962891 2.08252L 0.962891 2.48566C 0.962891 2.7948 1.21338 3.04547 1.52246 3.04547C 1.83203 3.04547 2.08252 2.7948 2.08252 2.48566L 2.08252 2.08252L 2.48584 2.08252C 2.79492 2.08252 3.04541 1.83191 3.04541 1.52277C 3.04541 1.21356 2.79492 0.962952 2.48584 0.962952L 2.08252 0.962952L 2.08252 0.559753C 2.08252 0.25061 1.83203 0 1.52246 0C 1.36377 0 1.2207 0.06604 1.11914 0.172241Z'/%3E%3Cpath id='path1_fill' fill-rule='evenodd' d='M 5.02978 0.0305451L 0 0L 2.46998 15.7258L 3.00889 15.7258L 7.94885 15.7258L 8.48776 15.7258L 10.9577 0L 5.02978 0.0305451Z'/%3E%3Cpath id='path2_fill' fill-rule='evenodd' d='M 5.02978 0.0305451L 0 0L 2.46998 15.7258L 3.00889 15.7258L 6.69141 15.7258L 7.23031 15.7258L 9.7003 0L 5.02978 0.0305451Z'/%3E%3Cpath id='path3_fill' fill-rule='evenodd' d='M 0 1.45021L 12.9786 1.45021L 12.9786 0L 0 0L 0 1.45021Z'/%3E%3Cpath id='path4_stroke' d='M 0 1.45021L -0.440282 1.45021L -0.440282 1.8905L 0 1.8905L 0 1.45021ZM 12.9786 1.45021L 12.9786 1.8905L 13.4189 1.8905L 13.4189 1.45021L 12.9786 1.45021ZM 12.9786 0L 13.4189 0L 13.4189 -0.440282L 12.9786 -0.440282L 12.9786 0ZM 0 0L 0 -0.440282L -0.440282 -0.440282L -0.440282 0L 0 0ZM 0 1.8905L 12.9786 1.8905L 12.9786 1.00993L 0 1.00993L 0 1.8905ZM 13.4189 1.45021L 13.4189 0L 12.5384 0L 12.5384 1.45021L 13.4189 1.45021ZM 12.9786 -0.440282L 0 -0.440282L 0 0.440282L 12.9786 0.440282L 12.9786 -0.440282ZM -0.440282 0L -0.440282 1.45021L 0.440282 1.45021L 0.440282 0L -0.440282 0Z'/%3E%3Cpath id='path5_fill' fill-rule='evenodd' d='M 8.98176 0L 5.88305 0L 4.04179 0L 0.943084 0L 0 2.17532L 4.04179 2.17532L 5.88305 2.17532L 9.92484 2.17532L 8.98176 0Z'/%3E%3Cpath id='path6_stroke' d='M 8.98176 0L 9.38571 -0.175129L 9.27076 -0.440282L 8.98176 -0.440282L 8.98176 0ZM 0.943084 0L 0.943084 -0.440282L 0.654085 -0.440282L 0.539131 -0.175129L 0.943084 0ZM 0 2.17532L -0.403953 2.00019L -0.670758 2.6156L 0 2.6156L 0 2.17532ZM 9.92484 2.17532L 9.92484 2.6156L 10.5956 2.6156L 10.3288 2.00019L 9.92484 2.17532ZM 8.98176 -0.440282L 5.88305 -0.440282L 5.88305 0.440282L 8.98176 0.440282L 8.98176 -0.440282ZM 5.88305 -0.440282L 4.04179 -0.440282L 4.04179 0.440282L 5.88305 0.440282L 5.88305 -0.440282ZM 4.04179 -0.440282L 0.943084 -0.440282L 0.943084 0.440282L 4.04179 0.440282L 4.04179 -0.440282ZM 0.539131 -0.175129L -0.403953 2.00019L 0.403953 2.35045L 1.34704 0.175129L 0.539131 -0.175129ZM 0 2.6156L 4.04179 2.6156L 4.04179 1.73504L 0 1.73504L 0 2.6156ZM 4.04179 2.6156L 5.88305 2.6156L 5.88305 1.73504L 4.04179 1.73504L 4.04179 2.6156ZM 5.88305 2.6156L 9.92484 2.6156L 9.92484 1.73504L 5.88305 1.73504L 5.88305 2.6156ZM 10.3288 2.00019L 9.38571 -0.175129L 8.5778 0.175129L 9.52089 2.35045L 10.3288 2.00019Z'/%3E%3Cpath id='path7_stroke' d='M 5.92796 0.0305451L 5.92569 0.470845L 5.93023 0.470821L 5.92796 0.0305451ZM 0 0L 0.00226862 -0.440276L -0.515251 -0.442943L -0.43495 0.0683159L 0 0ZM 2.46998 15.7258L 2.03503 15.7941L 2.09346 16.166L 2.46998 16.166L 2.46998 15.7258ZM 9.38594 15.7258L 9.38594 16.166L 9.76246 16.166L 9.82089 15.7941L 9.38594 15.7258ZM 11.8559 0L 12.2909 0.0683159L 12.3712 -0.442943L 11.8537 -0.440276L 11.8559 0ZM 5.93023 -0.409731L 0.00226862 -0.440276L -0.00226862 0.440276L 5.92569 0.470821L 5.93023 -0.409731ZM -0.43495 0.0683159L 2.03503 15.7941L 2.90493 15.6574L 0.43495 -0.0683159L -0.43495 0.0683159ZM 2.46998 16.166L 3.00889 16.166L 3.00889 15.2855L 2.46998 15.2855L 2.46998 16.166ZM 3.00889 16.166L 8.84703 16.166L 8.84703 15.2855L 3.00889 15.2855L 3.00889 16.166ZM 8.84703 16.166L 9.38594 16.166L 9.38594 15.2855L 8.84703 15.2855L 8.84703 16.166ZM 9.82089 15.7941L 12.2909 0.0683159L 11.421 -0.0683159L 8.95099 15.6574L 9.82089 15.7941ZM 11.8537 -0.440276L 5.92569 -0.409731L 5.93023 0.470821L 11.8582 0.440276L 11.8537 -0.440276Z'/%3E%3Cpath id='path8_fill' fill-rule='evenodd' d='M 12.2601 0L 6.34287 0L 5.91723 0L 0 0L 1.10682 6.25405L 6.13005 6.19953L 11.1533 6.25405L 12.2601 0Z'/%3E%3Cpath id='path9_stroke' d='M 12.2601 0L 12.6936 0.0767275L 12.7851 -0.440282L 12.2601 -0.440282L 12.2601 0ZM 0 0L 0 -0.440282L -0.525044 -0.440282L -0.433545 0.0767275L 0 0ZM 1.10682 6.25405L 0.673277 6.33077L 0.73833 6.69835L 1.1116 6.6943L 1.10682 6.25405ZM 6.13005 6.19953L 6.13483 5.75917L 6.12527 5.75927L 6.13005 6.19953ZM 11.1533 6.25405L 11.1485 6.6943L 11.5218 6.69835L 11.5868 6.33077L 11.1533 6.25405ZM 12.2601 -0.440282L 6.34287 -0.440282L 6.34287 0.440282L 12.2601 0.440282L 12.2601 -0.440282ZM 6.34287 -0.440282L 5.91723 -0.440282L 5.91723 0.440282L 6.34287 0.440282L 6.34287 -0.440282ZM 5.91723 -0.440282L 0 -0.440282L 0 0.440282L 5.91723 0.440282L 5.91723 -0.440282ZM -0.433545 0.0767275L 0.673277 6.33077L 1.54037 6.17732L 0.433545 -0.0767275L -0.433545 0.0767275ZM 1.1116 6.6943L 6.13483 6.63978L 6.12527 5.75927L 1.10204 5.81379L 1.1116 6.6943ZM 6.12527 6.63978L 11.1485 6.6943L 11.1581 5.81379L 6.13483 5.75927L 6.12527 6.63978ZM 11.5868 6.33077L 12.6936 0.0767275L 11.8266 -0.0767275L 10.7197 6.17732L 11.5868 6.33077Z'/%3E%3Cpath id='path10_fill' fill-rule='evenodd' d='M 1.845 3.69804C 2.86397 3.69804 3.69001 2.87021 3.69001 1.84902C 3.69001 0.827835 2.86397 0 1.845 0C 0.826036 0 0 0.827835 0 1.84902C 0 2.87021 0.826036 3.69804 1.845 3.69804Z'/%3E%3Cpath id='path11_stroke_2x' d='M 1.845 5.11673C 3.6504 5.11673 5.10869 3.65082 5.10869 1.84902L 2.27132 1.84902C 2.27132 2.0896 2.07754 2.27936 1.845 2.27936L 1.845 5.11673ZM 5.10869 1.84902C 5.10869 0.0472286 3.6504 -1.41869 1.845 -1.41869L 1.845 1.41869C 2.07754 1.41869 2.27132 1.60844 2.27132 1.84902L 5.10869 1.84902ZM 1.845 -1.41869C 0.0396073 -1.41869 -1.41869 0.0472286 -1.41869 1.84902L 1.41869 1.84902C 1.41869 1.60844 1.61246 1.41869 1.845 1.41869L 1.845 -1.41869ZM -1.41869 1.84902C -1.41869 3.65082 0.0396073 5.11673 1.845 5.11673L 1.845 2.27936C 1.61246 2.27936 1.41869 2.0896 1.41869 1.84902L -1.41869 1.84902Z'/%3E%3Cpath id='path12_fill' fill-rule='evenodd' d='M 0.868237 1.74026C 1.34775 1.74026 1.73647 1.35069 1.73647 0.870128C 1.73647 0.38957 1.34775 0 0.868237 0C 0.388723 0 0 0.38957 0 0.870128C 0 1.35069 0.388723 1.74026 0.868237 1.74026Z'/%3E%3C/defs%3E%3C/svg%3E%0A)