DeveloperSide.NET Forums
Topic: Security Update for Suite 3.00
admin
« on: May 18, 2008, 09:23:30 PM »

There is a possibility that a malicious attempt could be made to access the raw _cgi-bin folder of dynamic domains by sending a request to your IP address and crafting the host header to contain '_cgi-bin.domain.tld'. This could potentially allow an attacker to read the source code of any scripts under this directory.

To fix this:

1. Create file C:\www\Apache22\conf\extra\suite-global\suite-security.conf

2. Add the following contents within this file:
Code:
# Security: Block all sub-domain requests for _***.domain.tld
#

# For localhost VH
<Directory "/www/vhosts/localhost/_*/">
RewriteEngine On
RewriteCond %{HTTP_HOST} ^_([^\.]+)\. [NC]
RewriteRule ^(.*)$ / [F]
</Directory>

# For _dynamic and _static VHs
<Directory "/www/vhosts/*/*/_*/">
RewriteEngine On
RewriteCond %{HTTP_HOST} ^_([^\.]+)\. [NC]
RewriteRule ^(.*)$ / [F]
</Directory>

3. Restart Apache.
« Last Edit: May 18, 2008, 09:25:39 PM by admin »

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
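
A post-fix check for the rule in the post above, added here as an example (it is not part of the original post or of the Suite). It evaluates the post's RewriteCond pattern against constructed Host values so you can confirm which requests receive the [F] response and that normal host names are unaffected, and it includes a helper for confirming the 403 on your own server after the restart. The function names, sample hosts and the 127.0.0.1 address are assumptions; the pattern models only the RewriteCond, which Apache applies solely inside the two Directory sections.

```python
import http.client
import re

# Same pattern as the RewriteCond in the post; [NC] maps to re.IGNORECASE.
BLOCK_PATTERN = re.compile(r"^_([^\.]+)\.", re.IGNORECASE)


def rule_matches(host_header):
    """True if the RewriteCond matches this Host value, so [F] applies."""
    return BLOCK_PATTERN.search(host_header) is not None


def classify(hosts):
    """Map each Host value to 'forbidden' or 'passes'."""
    return {h: ("forbidden" if rule_matches(h) else "passes") for h in hosts}


def check_server(address, host_header, path="/", port=80, timeout=5):
    """Send one GET to your own server with an explicit Host header.

    Returns the HTTP status code; 403 is expected for hosts the rule blocks.
    """
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.putrequest("GET", path, skip_host=True)  # suppress automatic Host
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()


# Constructed sample Host values (domain.tld is the post's placeholder).
SAMPLE_HOSTS = [
    "_cgi-bin.domain.tld",     # the case described in the post
    "_CGI-BIN.Domain.TLD:80",  # mixed case, explicit port
    "www.domain.tld",          # ordinary sub-domain
    "domain.tld",              # bare domain
]

if __name__ == "__main__":
    for host, verdict in classify(SAMPLE_HOSTS).items():
        print(f"{host:28} {verdict}")
    # Live check after restarting Apache (address is an assumption):
    # print(check_server("127.0.0.1", "_cgi-bin.domain.tld"))  # expect 403
```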