DeveloperSide.NET Forums
Author Topic: Security Update for Suite 3.00  (Read 12394 times)
« on: May 18, 2008, 09:23:30 PM »

There is a possibility that a malicious attempt could be made to access the raw _cgi-bin folder of dynamic domains by sending a request to your IP address and crafting the host header to contain '_cgi-bin.domain.tld'. This could potentially allow an attacker to read the source code of any scripts under this directory.

To fix this:

1. Create file C:\www\Apache22\conf\extra\suite-global\suite-security.conf

2. Add the following contents within this file:
# Security: Block all sub-domain requests for _***.domain.tld

# For localhost VH
<Directory "/www/vhosts/localhost/_*/">
    RewriteEngine On
    # Match any Host header that starts with "_label." (case-insensitive)
    RewriteCond %{HTTP_HOST} ^_([^\.]+)\. [NC]
    # Answer every such request with 403 Forbidden
    RewriteRule ^(.*)$ / [F]
</Directory>

# For _dynamic and _static VHs
<Directory "/www/vhosts/*/*/_*/">
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^_([^\.]+)\. [NC]
    RewriteRule ^(.*)$ / [F]
</Directory>
3. Restart Apache.
« Last Edit: May 18, 2008, 09:25:39 PM by admin »

Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
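
To check the fix after the restart in step 3, here is an added example (not part of the original post or of the Suite) that models when the two `<Directory>` blocks above answer with 403, plus a small `probe` helper for testing your own server. The function names, the sample hostnames and the `/www/vhosts/_dynamic/domain.tld/...` layout are assumptions made for illustration; the model compares path case exactly.

```python
import http.client
import re
from fnmatch import fnmatchcase

# RewriteCond pattern from suite-security.conf; [NC] means case-insensitive.
HOST_RE = re.compile(r"^_([^\.]+)\.", re.IGNORECASE)
# <Directory> globs from the same file; in Apache '*' never matches a '/'.
DIR_GLOBS = ["/www/vhosts/localhost/_*/", "/www/vhosts/*/*/_*/"]

def in_scope(directory):
    """True if directory is, or lies below, one matched by DIR_GLOBS."""
    parts = directory.strip("/").split("/")
    for glob in DIR_GLOBS:
        pats = glob.strip("/").split("/")
        if len(parts) >= len(pats) and all(
                fnmatchcase(p, g) for p, g in zip(parts, pats)):
            return True
    return False

def expected_status(host, directory):
    """403 if the rule fires for this Host header, else None (untouched)."""
    return 403 if in_scope(directory) and HOST_RE.search(host) else None

def probe(server_ip, host, path="/", port=80):
    """Live check: GET path from server_ip with an explicit Host header."""
    conn = http.client.HTTPConnection(server_ip, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host})
        return conn.getresponse().status
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed samples: (Host header, directory the request maps to).
    cgi = "/www/vhosts/_dynamic/domain.tld/_cgi-bin/"
    samples = [
        ("_cgi-bin.domain.tld", cgi),
        ("_CGI-BIN.domain.tld:80", cgi),
        ("www.domain.tld", "/www/vhosts/_dynamic/domain.tld/www/"),
        ("_cgi-bin.localhost", "/www/vhosts/localhost/_cgi-bin/"),
    ]
    for host, directory in samples:
        print(f"{host:26} {directory:42} -> {expected_status(host, directory)}")
```

With the fix in place, calling `probe` with your own server's IP address and a Host value of `_cgi-bin.domain.tld` (substituting one of your domains) should return 403.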