  1. VirtualHost {
     # Hiawatha virtual host for www.mysite.com / mysite.com. It serves /var/www/mysite,
     # allows CGI execution through the cgi-wrapper entry "jail_mysite", and adds
     # request-body deny rules on top of the PreventCSRF / PreventSQLi / PreventXSS checks.
  2. Hostname = www.mysite.com, mysite.com
  3. WebsiteRoot = /var/www/mysite
  4. StartFile = index.php
  5. AccessLogfile = /var/log/hiawatha/access.log
  6. ErrorLogfile = /var/log/hiawatha/error.log
     # NOTE(review): TimeForCGI is documented in seconds; 1000 lets one CGI request run for
     # over 16 minutes. Confirm this is intended, since long-lived CGI processes tie up
     # server resources.
  7. TimeForCGI = 1000
  8. # UseFastCGI = PHP5
     # URL rewriting comes from the UrlToolkit section whose ToolkitID is "banshee"
     # (defined outside this block).
  9. UseToolkit = banshee
  10. # Enable WebDAVapp only when a WebDAV application such as ownCloud is installed; otherwise it should be "no".
  11. # WebDAVapp = yes
      # --- Request-body deny rules ---
      # The patterns below are written against percent-encoded text (%3C = "<", %2F = "/",
      # %3E = ">"). NOTE(review): presumably DenyBody is matched against the body as sent, so
      # bodies that are not URL-encoded (multipart or JSON, for example) would not contain
      # these sequences - verify against the Hiawatha version in use.
      # These rules are a deny-list and only a defence-in-depth layer; the application must
      # still encode output and validate input itself.
  12. # Reject bodies containing an encoded <script> ... </script> pair.
  13. # e.g. <script>alert("xss");</script>
      # NOTE(review): only six case spellings are listed. Confirm whether DenyBody matches
      # case-insensitively; if it does, one pattern per tag is enough, and if it does not,
      # other spellings (and lower-case hex digits in the escapes) are not covered.
  14. DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
  15. DenyBody = ^.*%3CsCrIpT.*%3C%2FScRiPt%3E.*$
  16. DenyBody = ^.*%3CScRiPt.*%3C%2FsCrIpT%3E.*$
  17. DenyBody = ^.*%3CSCRIPT.*%3C%2FSCRIPT%3E.*$
  18. DenyBody = ^.*%3CSCRIPT.*%3C%2Fscript%3E.*$
  19. DenyBody = ^.*%3Cscript.*%3C%2FSCRIPT%3E.*$
  20. # Reject bodies containing an encoded self-closing <meta ... /> tag.
  21. # e.g. <meta http-equiv="refresh" content="0; URL=http://some.domain"/>
      # These patterns require the "/>" ending (%2F%3E); other ways of closing the tag are
      # outside what they match.
  22. DenyBody = ^.*%3Cmeta.*%2F%3E.*$
  23. DenyBody = ^.*%3CMETA.*%2F%3E.*$
  24. DenyBody = ^.*%3CMeTa.*%2F%3E.*$
  25. DenyBody = ^.*%3CmEtA.*%2F%3E.*$
  26. # Reject bodies containing an encoded self-closing <iframe ... /> tag (same "/>" requirement as above).
  27. DenyBody = ^.*%3Ciframe.*%2F%3E.*$
  28. DenyBody = ^.*%3CIFRAME.*%2F%3E.*$
  29. # Reject bodies containing an encoded null byte (%00).
  30. DenyBody = ^.*%00.*$
      # Allow CGI programs to run in this virtual host.
  31. ExecuteCGI = yes
      # Hiawatha's built-in request checks for cross-site request forgery, SQL injection and
      # cross-site scripting. They complement, and do not replace, fixes in the application.
  32. PreventCSRF = yes
  33. PreventSQLi = yes
  34. PreventXSS = yes
      # Run CGI through the cgi-wrapper entry with this id (configured outside this block).
  35. WrapCGI = jail_mysite
  36. }