[Fusionforge-commits] r6802 - in trunk/gforge: etc/httpd.d plugins/scmcvs/etc/httpd.d
Roland Mas
lolando at libremir.placard.fr.eu.org
Thu Jan 29 20:10:23 CET 2009
Author: lolando
Date: 2009-01-29 20:10:20 +0100 (Thu, 29 Jan 2009)
New Revision: 6802
Modified:
trunk/gforge/etc/httpd.d/06maindirhttp
trunk/gforge/etc/httpd.d/07maindirhttp.ssl
trunk/gforge/etc/httpd.d/20list
trunk/gforge/etc/httpd.d/21list.ssl
trunk/gforge/plugins/scmcvs/etc/httpd.d/30virtualcvs
trunk/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl
Log:
Block potential XSS/XST attacks by restricting allowed HTTP methods (inspired by my gforge/patches/inria/block-xst branch)
Modified: trunk/gforge/etc/httpd.d/06maindirhttp
===================================================================
--- trunk/gforge/etc/httpd.d/06maindirhttp 2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/etc/httpd.d/06maindirhttp 2009-01-29 19:10:20 UTC (rev 6802)
@@ -63,5 +63,9 @@
Order allow,deny
allow from all
</Directory>
+
+ <LimitExcept GET POST HEAD>
+ deny from all
+ </LimitExcept>
</VirtualHost>
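Review bot: TRACE is not covered by the added `<LimitExcept GET POST HEAD>` block. Apache's documentation for `<Limit>` and `<LimitExcept>` states that the TRACE method cannot be limited this way, so the cross-site-tracing case named in the log message stays open. Add `TraceEnable Off` at server or virtual-host level, on Apache versions that provide the directive, alongside this block. The same applies to the identical blocks added in 07maindirhttp.ssl, 20list, 21list.ssl, 30virtualcvs and 31virtualcvs.ssl. The enclosing `<VirtualHost>` starts outside the hunk, so an existing TraceEnable setting earlier in the file cannot be ruled out.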
Modified: trunk/gforge/etc/httpd.d/07maindirhttp.ssl
===================================================================
--- trunk/gforge/etc/httpd.d/07maindirhttp.ssl 2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/etc/httpd.d/07maindirhttp.ssl 2009-01-29 19:10:20 UTC (rev 6802)
@@ -65,5 +65,9 @@
Order allow,deny
allow from all
</Directory>
+
+ <LimitExcept GET POST HEAD>
+ deny from all
+ </LimitExcept>
</VirtualHost>
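Review bot: The new block sits directly under `<VirtualHost>`, after a `<Directory>` section that sets `Order allow,deny` and `allow from all`, whereas Apache documents `<LimitExcept>` for directory and .htaccess context only. Access settings in a more specific section may replace the server-level ones rather than merge with them, so the deny may not reach requests that map into that directory. This is inferred, because the `<Directory>` opening line is outside the hunk. Consider moving the `<LimitExcept GET POST HEAD>` block inside the relevant `<Directory>` sections, with a comment such as `# Reject every HTTP method except GET, POST and HEAD`, and confirm with a test request that other methods are refused. 06maindirhttp and 31virtualcvs.ssl show the same layout.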
Modified: trunk/gforge/etc/httpd.d/20list
===================================================================
--- trunk/gforge/etc/httpd.d/20list 2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/etc/httpd.d/20list 2009-01-29 19:10:20 UTC (rev 6802)
@@ -28,4 +28,8 @@
<IfModule apache_ssl.c>
SSLDisable
</IfModule>
+
+ <LimitExcept GET POST HEAD>
+ deny from all
+ </LimitExcept>
</VirtualHost>
Modified: trunk/gforge/etc/httpd.d/21list.ssl
===================================================================
--- trunk/gforge/etc/httpd.d/21list.ssl 2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/etc/httpd.d/21list.ssl 2009-01-29 19:10:20 UTC (rev 6802)
@@ -41,5 +41,9 @@
RedirectMatch permanent ^/$ https://{lists_host}/mailman/listinfo
LogFormat "%h %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" gforge
CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/gforge.log" gforge
+
+ <LimitExcept GET POST HEAD>
+ deny from all
+ </LimitExcept>
</VirtualHost>
Modified: trunk/gforge/plugins/scmcvs/etc/httpd.d/30virtualcvs
===================================================================
--- trunk/gforge/plugins/scmcvs/etc/httpd.d/30virtualcvs 2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/plugins/scmcvs/etc/httpd.d/30virtualcvs 2009-01-29 19:10:20 UTC (rev 6802)
@@ -21,5 +21,9 @@
<IfModule apache_ssl.c>
SSLDisable
</IfModule>
+
+ <LimitExcept GET POST HEAD>
+ deny from all
+ </LimitExcept>
</VirtualHost>
Modified: trunk/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl
===================================================================
--- trunk/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl 2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl 2009-01-29 19:10:20 UTC (rev 6802)
@@ -25,5 +25,9 @@
</Directory>
LogFormat "%h %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" gforge
CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/gforge.log" gforge
+
+ <LimitExcept GET POST HEAD>
+ deny from all
+ </LimitExcept>
</VirtualHost>