  1. <VirtualHost *:80>
  2.         ServerName www.test.nl
  3.         ServerAdmin ok@test.nl
  4.         DocumentRoot /home/getij/stage2/public_html
  5.         ErrorDocument 500 /error.cfm
  6.         ErrorDocument 404 /error.cfm
  7.         ErrorDocument 403 /error.cfm
  8.         # Anti XSS protection
  9.         Options +FollowSymLinks
  10.         Header set X-XSS-Protection "1; mode=block"
  11.         RewriteEngine On
  12.         RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
  13.         RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
  14.         RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
  15.         RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
  16.         RewriteCond %{QUERY_STRING} .*src=.* [NC,OR]
  17.         RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
  18.         RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
  19.         RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
  20.         RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
  21.         RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
  22.         RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
  23.         RewriteCond %{QUERY_STRING} (sp_executesql) [NC,OR]
  24.         RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
  25.         RewriteCond %{REQUEST_URI} (\<|%3C).*script.*(\>|%3E) [NC,OR]
  26.         RewriteCond %{REQUEST_URI} onmouseover [NC]
  27.         RewriteRule .* - [F]
  28.         RewriteCond %{REQUEST_METHOD} ^TRACE
  29.         RewriteRule .* - [F]
  30.         RewriteCond %{REQUEST_METHOD} ^TRACK
  31.         RewriteRule .* - [F]
  32.         # End of Anti XSS protection
  33.         # Miscellaneous security enhancements
  34.         Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
  35.         Header append X-FRAME-OPTIONS "SAMEORIGIN"
  36.         FileETag None
  37.         # End of miscellaneous security enhancements
  38.         <Directory /home/getij/stage2/public_html>
  39.                 Options MultiViews
  40.                 AllowOverride None
  41.                 Order allow,deny
  42.                 allow from all
  43.         </Directory>
  44.         <Directory "/home/getij/stage2/public_html/cgi-bin">
  45.                 AllowOverride None
  46.                 Options +ExecCGI -MultiViews
  47.         </Directory>
  48.         # Outlook Gadget
  49.         ScriptAlias /outlookgadget/scripts/ "/home/gadget/stage2/public_html/scripts/"
  50.         Alias /outlookgadget "/home/gadget/stage2/public_html"
  51.         # Getij
  52.         ScriptAlias /getij/cgi-bin/ "/home/getij/stage2/public_html/cgi-bin/"
  53.         Alias /getij/ "/home/getij/stage2/public_html/"
  54.         ScriptAlias /wsgetij/cgi-bin/ "/home/getij/stage2/webservice/cgi-bin/"
  55.         Alias /wsgetij/ "/home/getij/stage2/webservice/"
  56.         <Directory "/home/getij/stage2/webservice/cgi-bin">
  57.                 Options FollowSymLinks
  58.                 AllowOverride None
  59.                 Options +ExecCGI -MultiViews
  60.         </Directory>
  61.         ErrorLog /var/log/httpd/getij.error.log
  62.         # Possible values include: debug, info, notice, warn, error, crit,
  63.         # alert, emerg.
  64.         LogLevel warn
  65.         CustomLog /var/log/httpd/getij.access.log combined
  66.         ServerSignature Off
  67. </VirtualHost>