/etc/fusionforge/httpd.conf.d/disable-scripts.inc is in fusionforge-web 6.0.5-2ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
Require all granted
# Hardening include: the directives below serve the covered tree as static
# files only. Presumably included from the <Directory> sections that hold
# project-supplied content -- confirm against the including vhost files.
#
# Enable directory index listing, but disable symlinks and CGI.
# "Options" without +/- prefixes replaces the inherited option set, so
# Indexes is the only option left (no FollowSymLinks, ExecCGI or Includes).
Options Indexes
# Permit HTTP Auth for somewhat private projects (mechanism
# other than the SCM anon bit in the forge).
# AuthConfig lets .htaccess files use authentication/authorization
# directives only; handler and type directives need FileInfo, which is not
# granted, so a .htaccess file cannot re-enable a scripting handler.
AllowOverride AuthConfig
# Prevent cookie theft in case a script does manage to execute:
# the Cookie request header is removed before any handler sees it.
# RequestHeader comes from mod_headers and is not wrapped in <IfModule>, so
# the configuration fails to load (rather than silently skipping this line)
# if that module is disabled.
# NOTE(review): this covers server-side handlers only; what browser-side
# script in served HTML can read depends on cookie scope and HttpOnly.
RequestHeader unset Cookie
# Disable all scripting engines (taken from Savannah)
# except for empty filenames == directory index.
# "?*" matches any filename of at least one character, so every real file
# gets the handler override while a bare directory request does not.
# NOTE(review): the Apache documentation names "None" as the value that
# cancels an earlier SetHandler; "default" is kept as found -- confirm on the
# deployed Apache version that a script file here is served as a static file.
<Files "?*">
SetHandler default
</Files>
# Disable PHP5 explicitly for security (CVE-2014-0468).
# php_admin_flag settings cannot be overridden from .htaccess or ini_set().
<IfModule mod_php5.c>
php_admin_flag engine off
</IfModule>
# Disable PHP7 explicitly for security (CVE-2014-0468).
# NOTE(review): PHP 8 registers as mod_php.c, which neither <IfModule> block
# matches; on such a host only the <Files> override above applies -- confirm
# whether a matching block is needed before reusing this file there.
<IfModule mod_php7.c>
php_admin_flag engine off
</IfModule>