[Fusionforge-commits] r6802 - in trunk/gforge: etc/httpd.d plugins/scmcvs/etc/httpd.d

Roland Mas lolando at libremir.placard.fr.eu.org
Thu Jan 29 20:10:23 CET 2009


Author: lolando
Date: 2009-01-29 20:10:20 +0100 (Thu, 29 Jan 2009)
New Revision: 6802

Modified:
   trunk/gforge/etc/httpd.d/06maindirhttp
   trunk/gforge/etc/httpd.d/07maindirhttp.ssl
   trunk/gforge/etc/httpd.d/20list
   trunk/gforge/etc/httpd.d/21list.ssl
   trunk/gforge/plugins/scmcvs/etc/httpd.d/30virtualcvs
   trunk/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl
Log:
Block potential XSS/XST (cross-site tracing) attacks by restricting the HTTP methods each virtual host accepts to GET, POST and HEAD (inspired by my gforge/patches/inria/block-xst branch)

Modified: trunk/gforge/etc/httpd.d/06maindirhttp
===================================================================
--- trunk/gforge/etc/httpd.d/06maindirhttp	2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/etc/httpd.d/06maindirhttp	2009-01-29 19:10:20 UTC (rev 6802)
@@ -63,5 +63,9 @@
             Order allow,deny
 	    allow from all
         </Directory>
+
+	<LimitExcept GET POST HEAD>
+	    deny from all
+        </LimitExcept>
 </VirtualHost>
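Review bot: The new `<LimitExcept GET POST HEAD>` block does not close the TRACE method that the log message's XST motivation is about, because Apache's `<Limit>`/`<LimitExcept>` sections cannot restrict TRACE (the core documentation defers that to TraceEnable). If cross-site tracing is the threat, add `TraceEnable off` beside the new block in this virtual host (or once at server level); the LimitExcept is still worth keeping since it rejects OPTIONS, PUT, DELETE and the WebDAV methods. The `</Directory>` just above it closes a section whose opening line is outside this hunk, so I cannot see which path it covers.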
 

Modified: trunk/gforge/etc/httpd.d/07maindirhttp.ssl
===================================================================
--- trunk/gforge/etc/httpd.d/07maindirhttp.ssl	2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/etc/httpd.d/07maindirhttp.ssl	2009-01-29 19:10:20 UTC (rev 6802)
@@ -65,5 +65,9 @@
             Order allow,deny
 	    allow from all
         </Directory>
+
+	<LimitExcept GET POST HEAD>
+	    deny from all
+        </LimitExcept>
 </VirtualHost>
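Review bot: The added `<LimitExcept>` sits at virtual-host level, directly after a `<Directory>` section that carries its own `Order allow,deny` / `allow from all`; as far as I recall, Apache 2.2's host-based access control lets the more specific `<Directory>` configuration replace rather than merge with the server-level one, so the `deny from all` here may not apply to requests that map under that directory. The directory's opening line is outside the hunk, so please check which paths it covers; the safer placement is inside the section itself, i.e. `<LimitExcept GET POST HEAD>` / `deny from all` / `</LimitExcept>` immediately before `</Directory>`. Confirm the result by sending an OPTIONS or PUT request to a path under that directory and checking for a 403.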
 

Modified: trunk/gforge/etc/httpd.d/20list
===================================================================
--- trunk/gforge/etc/httpd.d/20list	2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/etc/httpd.d/20list	2009-01-29 19:10:20 UTC (rev 6802)
@@ -28,4 +28,8 @@
   <IfModule apache_ssl.c>
     SSLDisable
   </IfModule>
+
+  <LimitExcept GET POST HEAD>
+    deny from all
+  </LimitExcept>
 </VirtualHost>
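Review bot: Restricting methods with `<LimitExcept GET POST HEAD>` still leaves TRACE reachable on this lists virtual host, since Apache does not apply `<Limit>`/`<LimitExcept>` to TRACE; for the XST case named in the log message the directive to add next to this block is `TraceEnable off`. With no `Order` directive in the block the default `Order deny,allow` applies, and with only `deny from all` present every non-listed method is refused either way, so the block itself is fine as written. Note that listing GET also covers HEAD, so `HEAD` in the method list is harmless but redundant.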

Modified: trunk/gforge/etc/httpd.d/21list.ssl
===================================================================
--- trunk/gforge/etc/httpd.d/21list.ssl	2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/etc/httpd.d/21list.ssl	2009-01-29 19:10:20 UTC (rev 6802)
@@ -41,5 +41,9 @@
   RedirectMatch permanent ^/$ https://{lists_host}/mailman/listinfo
   LogFormat "%h %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" gforge
   CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/gforge.log" gforge
+
+  <LimitExcept GET POST HEAD>
+    deny from all
+  </LimitExcept>
 </VirtualHost>
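Review bot: The same three-line `<LimitExcept>` block is now pasted into six virtual-host templates, so a later adjustment (adding `TraceEnable off`, or allowing a method some plugin needs) has to be repeated in every file and is easy to miss in one. A single shared snippet pulled in with `Include`, or emitted by whatever expands placeholders like `{lists_host}` and `{cronolog_path}` in these templates, would keep the allowed-method policy in one place. This is a maintainability point only; the syntax here is valid Apache 2.2 access control. I cannot see from the hunk how these templates are processed, so the Include route needs confirming against that step.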
 

Modified: trunk/gforge/plugins/scmcvs/etc/httpd.d/30virtualcvs
===================================================================
--- trunk/gforge/plugins/scmcvs/etc/httpd.d/30virtualcvs	2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/plugins/scmcvs/etc/httpd.d/30virtualcvs	2009-01-29 19:10:20 UTC (rev 6802)
@@ -21,5 +21,9 @@
 	<IfModule apache_ssl.c>
 		SSLDisable
 	</IfModule>
+
+	<LimitExcept GET POST HEAD>
+	    deny from all
+        </LimitExcept>
 </VirtualHost>
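Review bot: As on the other hosts, `<LimitExcept GET POST HEAD>` does not block TRACE (Apache exempts it from `<Limit>` sections), so the XST protection this commit aims for needs `TraceEnable off` in this virtual host as well. The hunk does not show what the CVS host serves; if it is only a web viewer over CVS, GET/POST/HEAD should suffice, but confirm nothing here relies on PROPFIND or other WebDAV methods before this lands, since they now return 403. The `<IfModule apache_ssl.c>` block above suggests old Apache-SSL is still a target, where `deny from all` is mod_access syntax and works the same way.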
 

Modified: trunk/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl
===================================================================
--- trunk/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl	2009-01-29 17:28:55 UTC (rev 6801)
+++ trunk/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl	2009-01-29 19:10:20 UTC (rev 6802)
@@ -25,5 +25,9 @@
 	</Directory>
 	LogFormat "%h %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" gforge
 	CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/gforge.log" gforge
+
+	<LimitExcept GET POST HEAD>
+	    deny from all
+        </LimitExcept>
 </VirtualHost>
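Review bot: The new `<LimitExcept>` is placed at virtual-host level after a `<Directory>` section that closes at the top of the hunk; if that section sets its own `Order`/`allow` directives (its body is outside the hunk, so I cannot tell), Apache 2.2's access-control configuration for the directory may override the host-level deny rather than combine with it, leaving the extra methods open under that path. If so, move the block inside the section: `<LimitExcept GET POST HEAD>` / `deny from all` / `</LimitExcept>` before `</Directory>`. Either way, TRACE is not affected by `<LimitExcept>` and needs `TraceEnable off` for the cross-site-tracing case the log message names.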
 



