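#
# mod_policy example: HTTP caching/compliance policy for static content.
# Each Policy* directive sets how its check reacts to a violation:
# "ignore", "log" or "enforce" (reject the response).
#

#
# Load the module if not already present
<IfModule !policy_module>
    LoadModule policy_module modules/mod_policy.so
</IfModule>

#
# Typical policy for static content.
# Swap "enforce" for "log" to complain about violations rather
# than failing.
SetOutputFilter POLICY_TYPE;POLICY_LENGTH;POLICY_KEEPALIVE;POLICY_VARY;POLICY_VALIDATION;POLICY_CONDITIONAL;POLICY_NOCACHE;POLICY_MAXAGE

# content type must be present and valid, but can be anything
PolicyType enforce */*

# reject if no explicitly declared content length
PolicyLength enforce

# covered by the policy length filter
PolicyKeepalive ignore

# reject if User-Agent appears within Vary headers
PolicyVary enforce User-Agent

# we want to enforce validation
PolicyValidation enforce

# non-functional conditional responses should be rejected
PolicyConditional enforce

# no-cache responses should be rejected
PolicyNocache enforce

# maxage must be at least a day
PolicyMaxage enforce 86400

# request version can be anything
# NOTE(review): POLICY_VERSION is not in the SetOutputFilter chain above, so
# this directive looks inert as written; the filter would need to be added to
# the chain before changing "ignore" to "log" or "enforce" -- confirm.
PolicyVersion ignore HTTP/1.1

# define documentation links (one URL describing each policy)
PolicyConditionalURL http://httpd.apache.org/docs/trunk/compliance.html#policyconditional
PolicyLengthURL http://httpd.apache.org/docs/trunk/compliance.html#policylength
PolicyTypeURL http://httpd.apache.org/docs/trunk/compliance.html#policytype
PolicyKeepaliveURL http://httpd.apache.org/docs/trunk/compliance.html#policykeepalive
PolicyMaxageURL http://httpd.apache.org/docs/trunk/compliance.html#policymaxage
PolicyNocacheURL http://httpd.apache.org/docs/trunk/compliance.html#policynocache
PolicyValidationURL http://httpd.apache.org/docs/trunk/compliance.html#policyvalidation
PolicyVaryURL http://httpd.apache.org/docs/trunk/compliance.html#policyvary
PolicyVersionURL http://httpd.apache.org/docs/trunk/compliance.html#policyversion

#
# Server status can be bypassed
# The exemption is confined to the status handler's path: outside a container,
# "PolicyFilter off" would switch the policy checks off for the whole scope
# the directives above apply to. "/server-status" is the conventional
# mod_status path and is assumed here -- adjust it to the path this server
# uses. Turning the filters off does not restrict who can read the status
# page; that needs its own access control (e.g. a Require rule).
<Location "/server-status">
    PolicyFilter off
</Location>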