Block potential XSS/XST attacks by restricting allowed HTTP methods (inspired by...
diff --git
a/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl
b/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl
index 82b1d9e7cfdd73a6ffdea1182ee7ad50b2ccb3b0..36606c7f45f138452039c85d8b000fd3fcd7a909 100644
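--- a/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl
+++ b/gforge/plugins/scmcvs/etc/httpd.d/31virtualcvs.ssl
@@ -25,5 +25,9 @@
 </Directory>
 LogFormat "%h %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" gforge
 CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/gforge.log" gforge
+
+ <LimitExcept GET POST HEAD>
+ deny from all
+ </LimitExcept>
 </VirtualHost>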
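Review bot: The added `<LimitExcept GET POST HEAD>` block sits directly under `<VirtualHost>`, after `</Directory>` has closed, and Apache documents both `<LimitExcept>` and `deny` as valid only in directory context (or .htaccess), so as shown the restriction may be rejected at startup or never applied. Wrapping it in `<Location />` … `</Location>` would scope it to the whole virtual host. The block also does not cover TRACE, the method behind the XST concern in the commit title: Apache does not allow `<Limit>`/`<LimitExcept>` to restrict TRACE, so `TraceEnable off` is needed alongside it. The start of the `<VirtualHost>` section is outside the hunk, so an existing `TraceEnable` setting cannot be ruled out from here.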