author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-11-08 20:17:47 -0200 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-11-08 20:17:47 -0200 |
commit | 5a1440a0151d1a80445206e7350e34cf74269ace (patch) | |
tree | 6f2742cba7d15a2fdb4bccc53e941abb7984754a | |
parent | 6993c26b73b883ca3bb65c1655333517ebd9f636 (diff) | |
apache-modsecurity-dev - fix apache listening and virtualhosts check
add some new gui options to balancer and virtualhosts tab
check if modsecurity rules are present before extracting
-rwxr-xr-x | config/apache_mod_security-dev/apache_balancer.xml | 18 | ||||
-rw-r--r-- | config/apache_mod_security-dev/apache_mod_security.inc | 68 | ||||
-rw-r--r-- | config/apache_mod_security-dev/apache_virtualhost.xml | 22 | ||||
-rwxr-xr-x | config/apache_mod_security-dev/pkg_apache.inc | 11 | ||||
-rw-r--r-- | pkg_config.8.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
6 files changed, 77 insertions, 46 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index b3acba57..3c8de686 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -139,6 +139,9 @@ <option> <name>HTTP</name> <value>http</value> </option> <option> <name>HTTPS</name> <value>https</value> </option> </options> + </field> <field> + <name><![CDATA[Internal Server(s)]]></name> + <type>listtopic</type> </field> <field> <fielddescr> @@ -146,48 +149,51 @@ </fielddescr> <fieldname>additionalparameters</fieldname> <type>rowhelper</type> + <dontdisplayname/> + <usecolspan2/> + <movable>on</movable> <rowhelper> <rowhelperfield> <fielddescr>fqdn or ip</fielddescr> <fieldname>host</fieldname> <description>Internal site IP or Hostnamesite</description> <type>input</type> - <size>20</size> + <size>27</size> </rowhelperfield> <rowhelperfield> <fielddescr>port</fielddescr> <fieldname>port</fieldname> <description>Internal site port</description> <type>input</type> - <size>4</size> + <size>5</size> </rowhelperfield> <rowhelperfield> <fielddescr>routeid</fielddescr> <fieldname>routeid</fieldname> <description>id to define stick connections</description> <type>input</type> - <size>4</size> + <size>6</size> </rowhelperfield> <rowhelperfield> <fielddescr>weight</fielddescr> <fieldname>loadfactor</fieldname> <description>Server weight</description> <type>input</type> - <size>4</size> + <size>6</size> </rowhelperfield> <rowhelperfield> <fielddescr>ping</fielddescr> <fieldname>ping</fieldname> <description>Server ping test interval</description> <type>input</type> - <size>4</size> + <size>6</size> </rowhelperfield> <rowhelperfield> <fielddescr>ttl</fielddescr> <fieldname>ttl</fieldname> <description>Server pint ttl</description> <type>input</type> - <size>4</size> + <size>6</size> </rowhelperfield> </rowhelper> </field> 
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index fb83f9a6..8ca5b4e3 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -27,7 +27,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. */
-
+$shortcut_section = "apache";
// Check to find out on which system the package is running
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0)
@@ -127,20 +127,23 @@ function apache_mod_security_resync() {
global $config, $g;
apache_mod_security_install();
$dirs=array("base", "experimental","optional", "slr");
- if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE"))
- exec ("tar -xzf /usr/local/pkg/modsecurity-crs_2.2.5.tar.gz -C ".APACHEDIR);
- $write_config=0;
- foreach ($dirs as $dir){
- if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) {
- $write_config++;
- $config['installedpackages']["modsecurityfiles{$dir}"]['config']=array();
- while (false !== ($entry = readdir($handle))) {
- if (preg_match("/(\S+).conf/",$entry,$matches))
- $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]);
- }
- closedir($handle);
+ $ms_file="/usr/local/pkg/modsecurity-crs_2.2.5.tar.gz";
+ if (file_exists($ms_file)){
+ if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE"))
+ exec ("tar -xzf $ms_file -C ".APACHEDIR);
+ $write_config=0;
+ foreach ($dirs as $dir){
+ if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) {
+ $write_config++;
+ $config['installedpackages']["modsecurityfiles{$dir}"]['config']=array();
+ while (false !== ($entry = readdir($handle))) {
+ if (preg_match("/(\S+).conf/",$entry,$matches))
+ $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]);
+ }
+ closedir($handle);
+ }
+ }
}
- }
if ($write_config > 0)
write_config();
apache_mod_security_checkconfig();
@@ -230,7 +233,8 @@ function generate_apache_configuration() {
//performance settings //reference http://httpd.apache.org/docs/2.2/mod/mpm_common.html
- $performance_settings="KeepAlive {$settings['keepalive']}\n";
+ $keepalive=($settings['keepalive']?$settings['keepalive']:"on");
+ $performance_settings="KeepAlive {$keepalive}\n";
if ($settings['maxkeepalivereq'])
$performance_settings .= "MaxKeepAliveRequests {$settings['maxkeepalivereq']}\n";
if ($settings['keepalivetimeout'])
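Review bot: `$write_config` is now initialised only inside the new `if (file_exists($ms_file))` block, so when the tarball is absent the `if ($write_config > 0)` test at the end of the hunk reads an undefined variable (a notice) and the skipped write is accidental rather than deliberate; move `$write_config=0;` up beside `$dirs=array(...)`, before the `file_exists` check. A missing rules archive is also silent here, which makes a half-configured install hard to diagnose, so an `else log_error("modsecurity rules archive $ms_file not found, rule lists not refreshed");` on the new `if` would surface it. The `exec("tar -xzf $ms_file -C ".APACHEDIR)` call interpolates two fixed strings, so it is not injectable as written, but `escapeshellarg($ms_file)` would keep it that way if the path is ever made configurable. apache_mod_security_resync starts and ends outside the hunk.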
@@ -313,6 +317,8 @@ function generate_apache_configuration() {
}
//configure virtual hosts
+ $namevirtualhosts=array();
+ $namevirtualhosts[0]=$global_listen;
if (is_array($config['installedpackages']['apachevirtualhost'])){
$vh_config= <<<EOF
##################################################################################
@@ -332,6 +338,9 @@ EOF;
$iface_address = apache_get_real_interface_address($virtualhost['interface']);
$ip=$iface_address[0];
$port=($virtualhost['port'] ? $virtualhost['port'] : $default_port[$virtualhost['proto']]);
+ if (!in_array("{$ip}:{$port}",$namevirtualhosts))
+ $namevirtualhosts[]="{$ip}:{$port}";
+ $vh_config.="# {$virtualhost['description']}\n";
$vh_config.="<VirtualHost {$ip}:{$port}>\n";
$vh_config.=" ServerName ". preg_replace ("/\r\n(\S+)/","\n ServerAlias $1",base64_decode($virtualhost['primarysitehostname'])) ."\n";
@@ -487,31 +496,22 @@ EOF;
// clear list of bound addresses before updating
$config['installedpackages']['apachesettings']['config'][0]['row'] = array();
- // Process proxy sites
// Configure NameVirtualHost directives
$aliases = "";
- $processed = array();
- if(is_array($config['installedpackages']['apachemodsecurity'])) {
- foreach($config['installedpackages']['apachemodsecurity']['config'] as $ams) {
- if($ams['ipaddress'] && $ams['port'])
- $local_ip_port = "{$ams['ipaddress']}:{$ams['port']}";
- else
- $local_ip_port = $global_listen;
- // Do not add entries twice.
- if(!in_array($local_ip_port, $processed)) {
- // explicit bind if not global ip:port
- if ($local_ip_port != $global_listen) {
- $aliases .= "Listen $local_ip_port\n";
- // Automatically add this to configuration
- $config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $ams['ipaddress'], 'ipport' => $ams['port']);
- }
- $mod_proxy .= "NameVirtualHost $local_ip_port\n";
- $processed[] = $local_ip_port;
+ //add NameVirtualHost and listening entries to configured virtualhosts
+ foreach ($namevirtualhosts as $namevirtualhost){
+ // explicit bind if not global ip:port
+ if ($namevirtualhost != $global_listen) {
+ $mod_proxy .= "NameVirtualHost {$namevirtualhost}\n";
+ $aliases .= "Listen $namevirtualhost\n";
+ // Automatically add this to configuration
+ $aplisten=split(":",$namevirtualhost);
+ $config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]);
}
}
- }
+ //** Uncomment to allow adding ip/ports not used by any site proxies
//** Otherwise unused addresses/ports will be automatically deleted from the configuration
// foreach ($configuredaliases as $ams) {
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index f971b570..32b9e29c 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
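Review bot: The rewritten loop emits `NameVirtualHost` only inside `if ($namevirtualhost != $global_listen)`, whereas the removed code emitted it for every address and skipped only the `Listen` line for the global one; because `$namevirtualhosts[0]` is seeded with `$global_listen` in the earlier hunk, the global address now never receives a `NameVirtualHost` directive, and on Apache 2.2 (the version the file's reference comments point at) virtual hosts bound there will not be matched by name. Move `$mod_proxy .= "NameVirtualHost {$namevirtualhost}\n";` above the `if`. Separately, `split(":",$namevirtualhost)` is deprecated since PHP 5.3 and, for an IPv6 listen address, splits inside the address; splitting on the last colon, e.g. `$pos=strrpos($namevirtualhost,":"); $aplisten=array(substr($namevirtualhost,0,$pos), substr($namevirtualhost,$pos+1));`, keeps the address intact. Whether the generated `<VirtualHost>` and `Listen` lines bracket IPv6 addresses is not visible in this hunk and would need checking alongside. generate_apache_configuration starts and ends outside the hunk.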
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -113,6 +113,11 @@
<chmod>0644</chmod>
<item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_view_logs.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/shortcuts/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.org/packages/config/bind/pkg_apache.inc</item>
+ </additional_files_needed>
<tabs>
<tab>
<text>Apache</text>
@@ -150,9 +155,12 @@
</tab>
</tabs>
<adddeleteeditpagefields>
+ <movable>on</movable>
<columnitem>
<fielddescr>Status</fielddescr>
<fieldname>enable</fieldname>
+ <listmodeon>Enabled</listmodeon>
+ <listmodeoff>Disabled</listmodeoff>
</columnitem>
<columnitem>
<fielddescr>Iface</fielddescr>
@@ -267,11 +275,18 @@
<show_disable_value>none</show_disable_value>
</field>
<field>
+ <name><![CDATA[Location(s)]]></name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>
<![CDATA[Location(s)]]>
</fielddescr>
<fieldname>locations</fieldname>
<type>rowhelper</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <movable>on</movable>
<rowhelper>
<rowhelperfield>
<fielddescr><![CDATA[gzip?]]></fielddescr>
@@ -288,7 +303,7 @@
<fieldname>sitepath</fieldname>
<description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
<type>input</type>
- <size>5</size>
+ <size>13</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr><![CDATA[Balancer]]></fielddescr>
@@ -317,7 +332,7 @@
<fieldname>backendpath</fieldname>
<description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
<type>input</type>
- <size>5</size>
+ <size>13</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr><![CDATA[ModSecurity]]></fielddescr>
@@ -344,7 +359,7 @@
<fieldname>options</fieldname>
<description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
<type>input</type>
- <size>5</size>
+ <size>12</size>
</rowhelperfield>
</rowhelper>
</field>
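Review bot: The new `<item>` for the shortcut file points at `http://www.pfsense.org/packages/config/bind/pkg_apache.inc`, i.e. the `bind` package directory on a different host than the sibling entries, while this commit adds the file at `config/apache_mod_security-dev/pkg_apache.inc`; the installer will fetch the wrong file, or nothing, and the shortcut will never be installed. Change it to `<item>http://www.pfsense.com/packages/config/apache_mod_security-dev/pkg_apache.inc</item>`. These items are PHP files downloaded over plain HTTP at install time and executed on the firewall with no integrity check, which the existing entries already do, so a wrong path is at least the benign failure mode here. The remaining hunks in this file are layout-only (field sizes, listtopic, movable) and need no change.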
@@ -388,7 +403,6 @@
<rows>10</rows>
<encoding>base64</encoding>
</field>
-
</fields>
<service>
<name>apache_mod_security</name>
diff --git a/config/apache_mod_security-dev/pkg_apache.inc b/config/apache_mod_security-dev/pkg_apache.inc
new file mode 100755
index 00000000..97fb2417
--- /dev/null
+++ b/config/apache_mod_security-dev/pkg_apache.inc
@@ -0,0 +1,11 @@
+<?php
+
+global $shortcuts;
+
+$shortcuts['apache'] = array();
+$shortcuts['apache']['main'] = "pkg_edit.php?xml=apache_virtualhost.xml";
+$shortcuts['apache']['log'] = "diag_logs.php";
+$shortcuts['apache']['status'] = "status_services.php";
+$shortcuts['apache']['service'] = "apache_mod_security";
+
+?>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index ce6329a7..f79293e4 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -214,7 +214,7 @@
<website>http://www.modsecurity.org/</website>
<descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr>
<category>Network Management</category>
- <version>0.2.1</version>
+ <version>0.2.2</version>
<status>ALPHA</status>
<required_version>2.0</required_version>
<config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 825f7766..32551ce1 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
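Review bot: pkg_apache.inc ends with a closing `?>` tag; in an include-only PHP file anything after it beyond a single newline is sent as output, which can break `header()` calls on the pages that load the shortcuts, so drop the trailing `?>` and end the file after the last assignment. `global $shortcuts;` at file scope only has an effect if the file is included from inside a function, which is presumably how the shortcut files are loaded, so a one-line comment such as `// included from function scope: bind to the global shortcut table` would make that dependency explicit. The `main` shortcut targets `pkg_edit.php?xml=apache_virtualhost.xml` while apache_virtualhost.xml defines an `adddeleteeditpagefields` list, which pfSense normally serves through `pkg.php`; verify which entry page is intended before this ships.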
@@ -201,7 +201,7 @@ <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> - <version>0.2.1</version> + <version>0.2.2</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> |