diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2013-11-22 23:27:10 -0500 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2013-11-22 23:27:10 -0500 |
commit | 3fd53f7221352702ffe64f9de9ef7820b75e51b8 (patch) | |
tree | 196c73ff9ba9278f25fc9db063cbf182c75772f6 | |
parent | 595c831d2768547d49e6daf147889c6aee15f9a4 (diff) | |
parent | 3a5b698d014f470e7b475261d5e7d2926d4fc220 (diff) | |
download | pfsense-packages-3fd53f7221352702ffe64f9de9ef7820b75e51b8.tar.gz pfsense-packages-3fd53f7221352702ffe64f9de9ef7820b75e51b8.tar.bz2 pfsense-packages-3fd53f7221352702ffe64f9de9ef7820b75e51b8.zip |
Merge remote-tracking branch 'upstream/master'
19 files changed, 377 insertions, 385 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index 7cb9774b..5e02f9d4 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -75,6 +75,11 @@ <active/> </tab> <tab> + <text>Location(s)</text> + <url>/pkg.php?xml=apache_location.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> @@ -107,20 +112,20 @@ </adddeleteeditpagefields> <fields> <field> - <name>apache Reverse Peer Mappings</name> + <name>Apache Reverse Peer Mappings</name> <type>listtopic</type> </field> <field> <fielddescr>Enable</fielddescr> <fieldname>enable</fieldname> - <description>If this field is checked, then this server poll will be available for virtual hosts config.</description> + <description>If this field is checked, then this server pool will be available for Virtual Hosts configuration.</description> <type>checkbox</type> </field> <field> <fielddescr>Balancer name</fielddescr> <fieldname>name</fieldname> - <description><![CDATA[Name to identify this peer on apache conf<br> - example: www_site1]]></description> + <description><![CDATA[Name to identify this peer in Apache configuration<br> + Example: www_site1]]></description> <type>input</type> <size>20</size> </field> @@ -134,7 +139,7 @@ <field> <fielddescr>Protocol</fielddescr> <fieldname>proto</fieldname> - <description><![CDATA[Protocol listening on this internal server(s) port.]]></description> + <description><![CDATA[Protocol used on the internal server(s).]]></description> <type>select</type> <options> <option> <name>HTTP</name> <value>http</value> </option> @@ -156,40 +161,40 @@ <rowhelperfield> <fielddescr>FQDN or IP Address</fielddescr> <fieldname>host</fieldname> - <description>Internal site IP or Hostnamesite</description> + <description>Internal site IP or site hostname</description> <type>input</type> <size>27</size> </rowhelperfield> <rowhelperfield> - <fielddescr>port</fielddescr> + <fielddescr>Port</fielddescr> <fieldname>port</fieldname> <description>Internal site port</description> <type>input</type> <size>5</size> </rowhelperfield> <rowhelperfield> - <fielddescr>routeid</fielddescr> + <fielddescr>Route ID</fielddescr> <fieldname>routeid</fieldname> <description>ID to define sticky connections</description> <type>input</type> <size>6</size> </rowhelperfield> <rowhelperfield> - <fielddescr>weight</fielddescr> + <fielddescr>Weight</fielddescr> <fieldname>loadfactor</fieldname> <description>Server weight</description> <type>input</type> <size>4</size> </rowhelperfield> <rowhelperfield> - <fielddescr>ping</fielddescr> + <fielddescr>Ping</fielddescr> <fieldname>ping</fieldname> <description>Server ping test interval</description> <type>input</type> <size>6</size> </rowhelperfield> <rowhelperfield> - <fielddescr>ttl</fielddescr> + <fielddescr>TTL</fielddescr> <fieldname>ttl</fieldname> <description>Server ping TTL</description> <type>input</type> diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php deleted file mode 100644 index 5448f850..00000000 --- a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php +++ /dev/null @@ -1,205 +0,0 @@ -<?php -/* ========================================================================== */ -/* - apache_view_logs.php - part of pfSense (http://www.pfSense.com) - Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2012 Marcello Coutinho - Copyright (C) 2012 Carlos Cesario - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -require_once("/etc/inc/util.inc"); -require_once("/etc/inc/functions.inc"); -require_once("/etc/inc/pkg-utils.inc"); -require_once("/etc/inc/globals.inc"); -require_once("guiconfig.inc"); -require_once("apache_mod_security.inc"); - -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) - $one_two = true; - -$pgtitle = "Apache reverse proxy: Apache VirtualHost Location"; - -$virtualhost_id = $_GET['virtualhost_id']; -if (isset($_POST['virtualhost_id'])) - $virtualhost_id = $_POST['virtualhost_id']; - -$backend_id = $_GET['backend_id']; -if (isset($_POST['backend_id'])) - $backend_id = $_POST['backend_id']; - -if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id])) - $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]; -if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id])) - $backend = &$virtualhost['row'][$backend_id]; - -/* - * Not having a virtualhost->backend entry means we can't do this. - */ -if (! $backend) { - $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist."); -} - - -if ($_POST) { - unset($input_errors); - - /* - * Check for a valid expirationdate if one is set at all (valid means, - * DateTime puts out a time stamp so any DateTime compatible time - * format may be used. to keep it simple for the enduser, we only - * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs - * like "+1 day", which will be converted to MM/DD/YYYY based on "now". - * Otherwhise such an entry would lead to an invalid expiration data. - */ - if ($_POST['expires']) { - try { - $expdate = new DateTime($_POST['expires']); - //convert from any DateTime compatible date to MM/DD/YYYY - $_POST['expires'] = $expdate->format("m/d/Y"); - } catch ( Exception $ex ) { - $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); - } - } - - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } - - if (!$input_errors) { - if ($_POST['custom']) - $backend['custom'] = base64_encode($_POST['custom']); - else - unset($backend['custom']); - - write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'"); - apache_mod_security_resync(); - pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}"); - } -} - -include("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> - -<?php if($one_two): ?> - - <p class="pgtitle"><?=$pgtitle?></font></p> - -<?php endif; ?> - -<?php - if ($input_errors) - print_input_errors($input_errors); - if ($savemsg) - print_info_box($savemsg); -?> - -<div id="mainlevel"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> - <?php - $tab_array = array(); - $tab_array[] = array(gettext("Apache"), true, "/pkg_edit.php?xml=apache_settings.xml&id=0"); - $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml"); - $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml"); - display_top_tabs($tab_array); - ?> - </td></tr> - <tr><td> - <?php - unset ($tab_array); - $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml"); - $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml"); - $tab_array[] = array(gettext("Virtual Hosts"), true, "/pkg.php?xml=apache_virtualhost.xml"); - $tab_array[] = array(gettext("Logs"), false, "/apache_view_logs.php"); - display_top_tabs($tab_array); - ?> - </td></tr> - <tr><td> - <div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; "> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"><tbody> - <form action="apache_edit_virtualhost_location.php" id="paramsForm" name="paramsForm" method="post"> - <tr> - <td width="22%" valign="top" class="vncellreq">Primary Site Hostname</td> - <td width="78%" class="vtable"> - <span class="vexpl"> - <?=base64_decode($virtualhost['primarysitehostname']);?> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Current Site Path</td> - <td width="78%" class="vtable"> - <span class="vexpl"> - <?=$backend['sitepath'];?> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Location Custom Settings");?></td> - <td width="78%" class="vtable"> - <textarea name='custom' rows='10' cols='65' id='custom'><?=base64_decode($backend['custom']);?></textarea> - <br/> - <span class="vexpl"> - <?=gettext("Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.");?> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> -<?php if (isset($virtualhost_id)): ?> - <input name="virtualhost_id" type="hidden" value="<?=$virtualhost_id;?>" /> -<?php endif;?> -<?php if (isset($backend_id)): ?> - <input name="backend_id" type="hidden" value="<?=$backend_id;?>" /> -<?php endif;?> - <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input id="cancel" name="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> - </td> - </tr> - </form> - </tbody></table> - </div> - </td></tr> - </table> -</div> - - -<?php -include("fend.inc"); -?> - -</body> -</html> diff --git a/config/apache_mod_security-dev/apache_location.xml b/config/apache_mod_security-dev/apache_location.xml new file mode 100644 index 00000000..ea957f43 --- /dev/null +++ b/config/apache_mod_security-dev/apache_location.xml @@ -0,0 +1,237 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + apache_location.xml + part of apache_mod_security package (http://www.pfSense.com) + Copyright (C)2012 Marcello Coutinho + Copyright (C)2013 Stephane Lapie <stephane.lapie@asahinet.com> + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]> + </copyright> + <name>apachelocation</name> + <version>1.0</version> + <title>Apache reverse proxy: Locations</title> + + <tabs> + <tab> + <text>Apache</text> + <url>/pkg_edit.php?xml=apache_settings.xml&id=0</url> + <active/> + </tab> + <tab> + <text>ModSecurity</text> + <url>/pkg_edit.php?xml=apache_mod_security_settings.xml</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=apache_mod_security_sync.xml</url> + </tab> + <tab> + <text>Daemon Options</text> + <url>/pkg_edit.php?xml=apache_settings.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> + <text>Backends / Balancers</text> + <url>/pkg.php?xml=apache_balancer.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> + <text>Location(s)</text> + <url>/pkg.php?xml=apache_location.xml</url> + <active/> + <tab_level>2</tab_level> + </tab> + <tab> + <text>Virtual Hosts</text> + <url>/pkg.php?xml=apache_virtualhost.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> + <text>Logs</text> + <url>/apache_view_logs.php</url> + <tab_level>2</tab_level> + </tab> + </tabs> + <adddeleteeditpagefields> + <movable>on</movable> + <columnitem> + <fielddescr>Identifier</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Compress</fielddescr> + <fieldname>compress</fieldname> + </columnitem> + <columnitem> + <fielddescr>Site Path</fielddescr> + <fieldname>sitepath</fieldname> + <listmodeoff>/</listmodeoff> + </columnitem> + <columnitem> + <fielddescr>Balancer</fielddescr> + <fieldname>balancer</fieldname> + </columnitem> + <columnitem> + <fielddescr>LB Method</fielddescr> + <fieldname>lbmethod</fieldname> + </columnitem> + <columnitem> + <fielddescr>Backendpath</fielddescr> + <fieldname>backendpath</fieldname> + <listmodeoff>/</listmodeoff> + </columnitem> + <columnitem> + <fielddescr>Modsecurity</fielddescr> + <fieldname>modsecgroup</fieldname> + <listmodeoff>None</listmodeoff> + </columnitem> + <columnitem> + <fielddescr>Rule Manipulation</fielddescr> + <fieldname>modsecmanipulation</fieldname> + <listmodeoff>None</listmodeoff> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Location Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr><![CDATA[Identifier]]></fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[Location name/identifier.]]></description> + <type>input</type> + <required/> + <size>20</size> + </field> + <field> + <fielddescr><![CDATA[gzip?]]></fielddescr> + <fieldname>compress</fieldname> + <description>Compress data to save bandwidth?</description> + <type>select</type> + <options> + <option><name>yes</name><value>yes</value></option> + <option><name>no</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr><![CDATA[Site Path]]></fielddescr> + <fieldname>sitepath</fieldname> + <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description> + <type>input</type> + <size>30</size> + </field> + <field> + <fielddescr><![CDATA[Balancer]]></fielddescr> + <fieldname>balancer</fieldname> + <description>Server balancer / pool</description> + <source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <show_disable_value>none</show_disable_value> + <type>select_source</type> + <size>5</size> + </field> + <field> + <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr> + <fieldname>lbmethod</fieldname> + <description>Server balance method</description> + <type>select</type> + <options> + <option><name>byrequests</name><value>byrequests</value></option> + <option><name>bytraffic</name><value>bytraffic</value></option> + <option><name>bybusyness</name><value>bybusyness</value></option> + </options> + </field> + <field> + <fielddescr>Backend Path</fielddescr> + <fieldname>backendpath</fieldname> + <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description> + <type>input</type> + <size>30</size> + </field> + <field> + <fielddescr><![CDATA[ModSecurity]]></fielddescr> + <fieldname>modsecgroup</fieldname> + <description>Choose ModSecurity group to use on this virtual host.</description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <show_disable_value>none</show_disable_value> + </field> + <field> + <fielddescr><![CDATA[Manipulations]]></fielddescr> + <fieldname>modsecmanipulation</fieldname> + <description>Choose Modsecurity group to use on this virtual host.</description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <show_disable_value>none</show_disable_value> + </field> + <field> + <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'> Balancer options</a>]]></fielddescr> + <fieldname>options</fieldname> + <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description> + <type>input</type> + <size>30</size> + </field> + <field> + <name>Custom Location Options</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Custom Options</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description> + <type>textarea</type> + <cols>90</cols> + <rows>10</rows> + <encoding>base64</encoding> + <dontdisplayname/> + <usecolspan2/> + </field> + </fields> + <service> + <name>apache_mod_security</name> + <rcfile>apache_mod_security.sh</rcfile> + <executable>httpd</executable> + </service> + <custom_php_resync_config_command> + apache_mod_security_resync(); + </custom_php_resync_config_command> + <include_file>/usr/local/pkg/apache_mod_security.inc</include_file> +</packagegui> diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 1129af6d..31be95cf 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -211,7 +211,7 @@ function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $ return; if(!$synctimeout) - $synctimeout=250; + $synctimeout=25; $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { @@ -472,19 +472,8 @@ function generate_apache_configuration() { //chroot apache http://forums.freebsd.org/showthread.php?t=6858 if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ unset($mods_group); - $i=0; - $write_config=0; foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){ //RULES_DIRECTORY - $mods_group[$mods_groups['name']]="Include ".RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf\n"; - if ($mods_groups['crs10']==""){ - if (file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){ - $config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')); - $write_config++; - } - } - file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX); - foreach (split(",",$mods_groups['baserules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; } @@ -497,10 +486,7 @@ function generate_apache_configuration() { foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; } - $i++; } - if ($write_config > 0) - write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}"); } //print "<PRE>"; //var_dump($mods_group); @@ -508,8 +494,20 @@ function generate_apache_configuration() { //mod_security settings if (is_array($config['installedpackages']['apachemodsecuritysettings'])){ $mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0]; - } - + + if ($mods_settings['crs10']=="" && file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){ + $config['installedpackages']['apachemodsecuritysettings']['config'][0]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')); + write_config("modsecurity - Load crs 10 default setup file."); + } + + $cr10_setup="Include ".RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf\n"; + file_put_contents(RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][0]['crs10']),LOCK_EX); + } + // create location(s) array + if (is_array($config['installedpackages']['apachelocation'])){ + foreach ($config['installedpackages']['apachelocation']['config'] as $location) + $apache_location[$location['name']]=$location; + } //configure virtual hosts $namevirtualhosts=array(); $namevirtualhosts[0]=$global_listen; @@ -581,8 +579,10 @@ EOF; $vh_config.= apache_textarea_decode($virtualhost['custom'])."\n\n"; #Check virtualhost locations - foreach ($virtualhost['row'] as $backend){ - if ($backend['balancer'] != "none"){ + foreach ($virtualhost['row'] as $be){ + if ($be['location'] != "none"){ + $backend=$apache_location[$be['location']]; + $vh_config.="# {$backend['name']}\n"; $vh_config.=" <Location ".($backend['sitepath'] ? $backend['sitepath'] : "/").">\n"; $vh_config.=" ProxyPass balancer://{$backend['balancer']}{$backend['backendpath']}\n"; $vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n"; @@ -713,7 +713,6 @@ EOF; $extendedstatus="ExtendedStatus On"; } $mod_status .= <<<EOF - $mod_status .= <<<EOF {$extendedstatus} <Location /server-status> SetHandler server-status diff --git a/config/apache_mod_security-dev/apache_mod_security_groups.xml b/config/apache_mod_security-dev/apache_mod_security_groups.xml index c4651f45..4775fb3c 100644 --- a/config/apache_mod_security-dev/apache_mod_security_groups.xml +++ b/config/apache_mod_security-dev/apache_mod_security_groups.xml @@ -191,36 +191,6 @@ </options> </field> <field> - <name>mod_security crs 10 setup</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_security crs 10 setup</fielddescr> - <fieldname>crs10</fieldname> - <dontdisplayname/> - <usecolspan2/> - <description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>15</rows> - <cols>90</cols> - </field> - <field> - <name>Custom mod_security ErrorDocument</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Custom mod_security ErrorDocument</fielddescr> - <fieldname>errordocument</fieldname> - <dontdisplayname/> - <usecolspan2/> - <description>Custom mod_security ErrorDocument.</description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>10</rows> - <cols>90</cols> - </field> - <field> <name>Custom mod_security rules</name> <type>listtopic</type> </field> diff --git a/config/apache_mod_security-dev/apache_mod_security_settings.xml b/config/apache_mod_security-dev/apache_mod_security_settings.xml index 68581687..bbc7da4a 100644 --- a/config/apache_mod_security-dev/apache_mod_security_settings.xml +++ b/config/apache_mod_security-dev/apache_mod_security_settings.xml @@ -123,6 +123,36 @@ <size>10</size> </field> <field> + <name>mod_security crs 10 setup</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>mod_security crs 10 setup</fielddescr> + <fieldname>crs10</fieldname> + <dontdisplayname/> + <usecolspan2/> + <description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>15</rows> + <cols>90</cols> + </field> + <field> + <name>Custom mod_security ErrorDocument</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Custom mod_security ErrorDocument</fielddescr> + <fieldname>errordocument</fieldname> + <dontdisplayname/> + <usecolspan2/> + <description>Custom mod_security ErrorDocument.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>10</rows> + <cols>90</cols> + </field> + <field> <name>Modsecurity addons</name> <type>listtopic</type> </field> diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml index 3e1c0a9c..7ecfb68e 100755 --- a/config/apache_mod_security-dev/apache_mod_security_sync.xml +++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml @@ -86,11 +86,11 @@ <required/> <default_value>250</default_value> <options> - <option><name>250 seconds(Default)</name><value>250</value></option> - <option><name>120 seconds</name><value>120</value></option> - <option><name>90 seconds</name><value>90</value></option> + <option><name>30 seconds(Default)</name><value>30</value></option> <option><name>60 seconds</name><value>60</value></option> - <option><name>30 seconds</name><value>30</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>250 seconds</name><value>250</value></option> </options> </field> <field> diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml index 14415362..1dd4bc78 100644 --- a/config/apache_mod_security-dev/apache_settings.xml +++ b/config/apache_mod_security-dev/apache_settings.xml @@ -68,6 +68,11 @@ <tab_level>2</tab_level> </tab> <tab> + <text>Location(s)</text> + <url>/pkg.php?xml=apache_location.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> @@ -88,6 +93,7 @@ <fieldname>globalsiteadminemail</fieldname> <description>Enter the site administrators e-mail address</description> <type>input</type> + <size>25</size> </field> <field> <fielddescr>Server hostname</fielddescr> @@ -97,6 +103,7 @@ NOTE: Leave blank to use this devices hostname.]]> </description> <type>input</type> + <size>25</size> </field> <field> <fielddescr>Default Bind to IP Address</fielddescr> diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php index 494f37cd..10bb1db6 100644 --- a/config/apache_mod_security-dev/apache_view_logs.php +++ b/config/apache_mod_security-dev/apache_view_logs.php @@ -106,6 +106,7 @@ function showLog(content,url,logtype) unset ($tab_array); $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml"); $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml"); + $tab_array[] = array(gettext("Location(s)"), false, "/pkg.php?xml=apache_location.xml"); $tab_array[] = array(gettext("Virtual Hosts"), false, "/pkg.php?xml=apache_virtualhost.xml"); $tab_array[] = array(gettext("Logs"), true, "/apache_view_logs.php"); display_top_tabs($tab_array); diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 53478721..747ef975 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -119,6 +119,11 @@ <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml</item> + </additional_files_needed> <tabs> <tab> <text>Apache</text> @@ -144,6 +149,11 @@ <tab_level>2</tab_level> </tab> <tab> + <text>Location(s)</text> + <url>/pkg.php?xml=apache_location.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> @@ -257,7 +267,7 @@ <show_disable_value>none</show_disable_value> </field> <field> - <fielddescr>intermediate CA certificate(optional)</fielddescr> + <fielddescr>Intermediate CA certificate (optional)</fielddescr> <fieldname>reverse_int_ca</fieldname> <description>Select intermediate CA assigned to certificate. Not all certificates require this.</description> <type>select_source</type> @@ -267,100 +277,21 @@ <show_disable_value>none</show_disable_value> </field> <field> - <name><![CDATA[Location(s)]]></name> - <type>listtopic</type> - </field> - <field> <fielddescr> <![CDATA[Location(s)]]> </fielddescr> <fieldname>locations</fieldname> <type>rowhelper</type> - <dontdisplayname/> - <usecolspan2/> - <movable>on</movable> <rowhelper> <rowhelperfield> - <fielddescr><![CDATA[gzip?]]></fielddescr> - <fieldname>compress</fieldname> - <description>Compress data to save bandwidth?</description> - <type>select</type> - <options> - <option><name>yes</name><value>yes</value></option> - <option><name>no</name><value>no</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[Site Path]]></fielddescr> - <fieldname>sitepath</fieldname> - <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description> - <type>input</type> - <size>12</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[Balancer]]></fielddescr> - <fieldname>balancer</fieldname> - <description>Server balancer / pool</description> - <source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source> - <source_name>name</source_name> - <source_value>name</source_value> - <show_disable_value>none</show_disable_value> - <type>select_source</type> - <size>5</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr> - <fieldname>lbmethod</fieldname> - <description>Server balance method</description> - <type>select</type> - <options> - <option><name>byrequests</name><value>byrequests</value></option> - <option><name>bytraffic</name><value>bytraffic</value></option> - <option><name>bybusyness</name><value>bybusyness</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Backend Path</fielddescr> - <fieldname>backendpath</fieldname> - <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description> - <type>input</type> - <size>12</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[ModSecurity]]></fielddescr> - <fieldname>modsecgroup</fieldname> - <description>Choose ModSecurity group to use on this virtual host.</description> - <type>select_source</type> - <source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source> + <fielddescr><![CDATA[Location]]></fielddescr> + <fieldname>location</fieldname> + <description>Server Location</description> + <source><![CDATA[$config['installedpackages']['apachelocation']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <show_disable_value>none</show_disable_value> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[Manipulations]]></fielddescr> - <fieldname>modsecmanipulation</fieldname> - <description>Choose Modsecurity group to use on this virtual host.</description> <type>select_source</type> - <source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source> - <source_name>name</source_name> - <source_value>name</source_value> - <show_disable_value>none</show_disable_value> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'> Balancer options</a>]]></fielddescr> - <fieldname>options</fieldname> - <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description> - <type>input</type> - <size>11</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Location Custom Settings</fielddescr> - <fieldname>custom</fieldname> - <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description> - <type>textarea</type> - <cols>65</cols> - <rows>10</rows> - <encoding>base64</encoding> </rowhelperfield> </rowhelper> </field> diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template index ed514eca..a6bcee1c 100755 --- a/config/dansguardian/dansguardian.conf.template +++ b/config/dansguardian/dansguardian.conf.template @@ -90,7 +90,7 @@ anonymizelogs = {$anonymizelogs} # # Use syslog for access logging instead of logging to the file # at the defined or built-in "loglocation" -#logsyslog = off +logsyslog = {$logsyslog} # Log file location # diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index b31df8ab..ad6e6482 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -232,6 +232,7 @@ function sync_package_dansguardian($via_rpc="no",$install_process=false) { $nologger=(preg_match('/nologger/',$dansguardian_log['logging_options'])?"on":"off"); $logadblocks=(preg_match('/logadblocks/',$dansguardian_log['logging_options'])?"on":"off"); $anonymizelogs=(preg_match('/anonymizelogs/',$dansguardian_log['logging_options'])?"on":"off"); + $logsyslog=(preg_match('/logsyslog/',$dansguardian_log['logging_options'])?"on":"off"); $loglevel=($dansguardian_log['loglevel']?$dansguardian_log['loglevel']:"2"); $logexceptionhits=($dansguardian_log['logexceptionhits']?$dansguardian_log['logexceptionhits']:"2"); diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index 88281dff..97cd5b0b 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -197,6 +197,7 @@ <option><name>nologger (off)</name><value>nologger</value></option> <option><name>logadblocks (off)</name><value>logadblocks</value></option> <option><name>Anonymize logs (off)</name><value>anonymizelogs</value></option> + <option><name>Log to syslog (off)</name><value>logsyslog</value></option> </options> <multiple/> <size>6</size> diff --git a/config/lightsquid/sqstat.class.php b/config/lightsquid/sqstat.class.php index 228aecfe..03695a47 100644 --- a/config/lightsquid/sqstat.class.php +++ b/config/lightsquid/sqstat.class.php @@ -179,7 +179,8 @@ class squidstat{ } fclose($this->fp); - if ($raw[0]!="HTTP/1.0 200 OK") { $this->errorMsg(1, "Cannot get data. Server answered: $raw[0]"); + if (!preg_match("/^HTTP.* 200 OK$/", $raw[0])) { + $this->errorMsg(1, "Cannot get data. Server answered: $raw[0]"); return false; } diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index fa5ce6cf..4c0518b2 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.2.1</version> + <version>1.2.2</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index f0bcbee2..44744832 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -138,7 +138,7 @@ if (!empty($act)) { $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; - $quoteservercn = $_GET['quoteservercn']; + $verifyservercn = $_GET['verifyservercn']; $usetoken = $_GET['usetoken']; if ($usetoken && (substr($act, 0, 10) == "confinline")) $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; @@ -213,17 +213,17 @@ if (!empty($act)) { $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "baseconf"; } - $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); + $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); } if($act == "visc") { $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); - $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); + $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); } if(substr($act, 0, 4) == "inst") { $exp_name = urlencode($exp_name."-install.exe"); - $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); } if (!$exp_path) { @@ -304,9 +304,9 @@ function download_begin(act, i, j) { advancedoptions = document.getElementById("advancedoptions").value; - var quoteservercn = 0; - if (document.getElementById("quoteservercn").checked) - quoteservercn = 1; + var verifyservercn; + verifyservercn = document.getElementById("verifyservercn").value; + var usetoken = 0; if (document.getElementById("usetoken").checked) usetoken = 1; @@ -380,7 +380,7 @@ function download_begin(act, i, j) { dlurl += "&crtid=" + escape(certs[j][0]); } dlurl += "&useaddr=" + escape(useaddr); - dlurl += ""eservercn=" + escape(quoteservercn); + dlurl += "&verifyservercn=" + escape(verifyservercn); dlurl += "&openvpnmanager=" + escape(openvpnmanager); dlurl += "&usetoken=" + escape(usetoken); if (usepass) @@ -619,16 +619,22 @@ function useproxy_changed(obj) { </td> </tr> <tr> - <td width="22%" valign="top" class="vncell">Quote Server CN</td> + <td width="22%" valign="top" class="vncell">Verify Server CN</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0" summary="quote server cn"> + <table border="0" cellpadding="2" cellspacing="0" summary="verify server cn"> <tr> <td> - <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes" /> - </td> - <td> + <select name="verifyservercn" id="verifyservercn" class="formselect"> + <option value="auto">Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible</option> + <option value="tls-remote">Use tls-remote (Deprecated, use only on old clients <= OpenVPN 2.2.x)</option> + <option value="tls-remote-quote">Use tls-remote and quote the server CN</option> + <option value="none">Do not verify the server CN</option> + </select> + <br/> <span class="vexpl"> - Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. + Optionally verify the server certificate Common Name (CN) when the client connects. Current clients, including the most recent versions of Windows, Viscosity, Tunnelblick, OpenVPN on iOS and Android and so on should all work at the default automatic setting. + <br/><br/>Only use tls-remote if you must use an older client that you cannot control. The option has been deprecated by OpenVPN and will be removed in the next major version. + <br/><br/>With tls-remote the server CN may optionally be enclosed in quotes. This can help if the server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. </span> </td> </tr> diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc index 59b7eb11..1a4db315 100644 --- a/config/sarg/sarg.inc +++ b/config/sarg/sarg.inc @@ -272,6 +272,8 @@ function sync_package_sarg() { $bytes_in_sites_users_report=(preg_match('/bytes_in_sites_users_report/',$sarg['report_options'])?"yes":"no"); $date_time_by=(preg_match('/date_time_by_bytes/',$sarg['report_options'])?"bytes":""); $date_time_by.=(preg_match('/date_time_by_elap/',$sarg['report_options'])?" elap":""); + if(empty($date_time_by)) + $date_time_by="bytes"; $date_format=(preg_match("/\w/",$sarg['report_date_format'])?$sarg['report_date_format']:"u"); $report_type=preg_replace('/,/',' ',$sarg['report_type']); $report_charset=(empty($sarg['report_charset'])?"UTF-8":$sarg['report_charset']); diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 4d5015f1..d581bfbd 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -212,9 +212,12 @@ <name>Apache with mod_security-dev</name> <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> - <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> + <descr><![CDATA[ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br> + It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br> + In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> + <b>Backup your location config before updating form 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.2.23 pkg v0.2.4</version> + <version>2.4.6 pkg v0.3</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> @@ -248,10 +251,10 @@ <build_pbi> <custom_name>proxy_mod_security</custom_name> <ports_before>devel/gettext misc/help2man databases/db42 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment</ports_before> - <port>www/apache22-worker-mpm</port> + <port>www/apache24</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> - <build_options>OPTIONS_UNSET=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION;mod_security_SET=MLOGC</build_options> + <build_options>apache24_UNSET=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> </package> <package> @@ -704,7 +707,7 @@ <descr>High perfomance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr> <website>http://lightsquid.sf.net/</website> <category>Network Report</category> - <version>1.8.0 pkg v.2.32</version> + <version>1.8.0 pkg v.2.33</version> <maintainer>dv_serg@mail.ru</maintainer> <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>lightsquid-1.8_2.tbz</depends_on_package> @@ -1287,7 +1290,7 @@ <port>www/squid33</port> <ports_after>www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules</ports_after> </build_pbi> - <build_options>c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <build_options>c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> <config_file>http://www.pfsense.org/packages/config/squid3/33/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.3.8-i386.pbi</depends_on_package_pbi> @@ -1463,7 +1466,7 @@ <depends_on_package_pbi>zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.1</version> + <version>1.2.2</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index cfb81e59..29ace26f 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -199,9 +199,12 @@ <name>Apache with mod_security-dev</name> <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> - <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> + <descr><![CDATA[ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br> + It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br> + In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> + <b>Backup your location config before updating form 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.2.23 pkg v0.2.4</version> + <version>2.4.6 pkg v0.3</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> @@ -235,10 +238,10 @@ <build_pbi> <custom_name>proxy_mod_security</custom_name> <ports_before>devel/gettext misc/help2man databases/db42 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment</ports_before> - <port>www/apache22-worker-mpm</port> + <port>www/apache24</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> - <build_options>OPTIONS_UNSET=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION;mod_security_SET=MLOGC</build_options> + <build_options>apache24_UNSET=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> </package> <package> @@ -691,7 +694,7 @@ <descr>High perfomance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr> <website>http://lightsquid.sf.net/</website> <category>Network Report</category> - <version>1.8.2 pkg v.2.32</version> + <version>1.8.2 pkg v.2.33</version> <maintainer>dv_serg@mail.ru</maintainer> <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>lightsquid-1.8_2.tbz</depends_on_package> @@ -1274,7 +1277,7 @@ <port>www/squid33</port> <ports_after>www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules</ports_after> </build_pbi> - <build_options>c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI ECAP SNMP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <build_options>c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI ECAP SNMP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> <config_file>http://www.pfsense.org/packages/config/squid3/33/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.3.8-amd64.pbi</depends_on_package_pbi> @@ -1450,7 +1453,7 @@ <depends_on_package_pbi>p7zip-9.20.1-amd64.pbi zip-3.0-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.1</version> + <version>1.2.2</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> |