From 64cb4ea11550492adbdd36765bb196c078302ac6 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Sun, 30 Nov 2008 14:10:09 +0000
Subject: disallow trace and track on vhosts -> security

---
 templates/vhosts/static/CentOS.erb  | 4 ++++
 templates/vhosts/static/OpenBSD.erb | 6 ++++++
 2 files changed, 10 insertions(+)

(limited to 'templates/vhosts/static')

diff --git a/templates/vhosts/static/CentOS.erb b/templates/vhosts/static/CentOS.erb
index 1019deb..6739e7b 100644
--- a/templates/vhosts/static/CentOS.erb
+++ b/templates/vhosts/static/CentOS.erb
@@ -21,4 +21,8 @@
     <%- unless additional_options == 'absent' then -%>
     <%= additional_options %>
     <%- end -%>
+
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+    RewriteRule .* - [F
 </VirtualHost>
diff --git a/templates/vhosts/static/OpenBSD.erb b/templates/vhosts/static/OpenBSD.erb
index 1c2498b..94ec206 100644
--- a/templates/vhosts/static/OpenBSD.erb
+++ b/templates/vhosts/static/OpenBSD.erb
@@ -32,6 +32,9 @@
     <%- unless additional_options.to_s == 'absent' then -%>
     <%= additional_options %>
     <%- end -%>
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+    RewriteRule .* - [F
 </VirtualHost>
 
 <%- unless ssl_mode.to_s == 'false'  then -%>
@@ -64,5 +67,8 @@
     <%- unless additional_options.to_s == 'absent' then -%>
     <%= additional_options %>
     <%- end -%>
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+    RewriteRule .* - [F
 </VirtualHost>
 <%- end -%>
-- 
cgit v1.2.3