Work around CVE-2018-12532

https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html

Change-Id: I2c6cd13e0aeb71e5bebc680568fdf9f6f0656b74
This commit is contained in:
Jeremy Stanley 2019-11-08 02:20:14 +00:00
parent 7047152960
commit 24a3c65e32
2 changed files with 11 additions and 1 deletions

View File

@ -29,6 +29,12 @@ class zanata::apache (
include ::httpd include ::httpd
include ::httpd::ssl include ::httpd::ssl
if !defined(Httpd_mod['rewrite']) {
httpd_mod { 'rewrite':
ensure => present,
}
}
httpd_mod { 'proxy': httpd_mod { 'proxy':
ensure => present, ensure => present,
} }

View File

@ -32,6 +32,10 @@
SSLCertificateChainFile <%= scope.lookupvar("zanata::apache::ssl_chain_file") %> SSLCertificateChainFile <%= scope.lookupvar("zanata::apache::ssl_chain_file") %>
<% end -%> <% end -%>
# CVE-2018-12532 https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html
RewriteEngine on
RewriteRule .*(/DATA/|org\.richfaces\.resource\.MediaOutputResource).* - [F,L]
ProxyPass / ajp://127.0.0.1:8009/ retry=0 ProxyPass / ajp://127.0.0.1:8009/ retry=0
</VirtualHost> </VirtualHost>