aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@gmail.com>2009-06-23 14:00:21 -0400
committerScott Ullrich <sullrich@gmail.com>2009-06-23 14:00:21 -0400
commit3bc3b925d9dbd05552d21b7465731d3b823eb515 (patch)
tree883aa42efac10f4057a5b7782c2537d156342c60
parent8f5f872c05da346602fd8b7bcb7b73bc4af1726f (diff)
downloadpfsense-packages-3bc3b925d9dbd05552d21b7465731d3b823eb515.tar.gz
pfsense-packages-3bc3b925d9dbd05552d21b7465731d3b823eb515.tar.bz2
pfsense-packages-3bc3b925d9dbd05552d21b7465731d3b823eb515.zip
Add more mod_security bits
-rw-r--r--config/apache_mod_security/apache_mod_security.inc20
1 files changed, 20 insertions, 0 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index 4d0402be..cf39e467 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -169,17 +169,37 @@ EOF;
# Turn the filtering engine On or Off
SecFilterEngine On
+ # XXX Add knobs for these
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecResponseBodyAccess On
+
+ # XXX Add knobs for these
+ SecRequestBodyInMemoryLimit 131072
+ SecRequestBodyLimit 10485760
+
+ SecResponseBodyMimeTypesClear
+ SecResponseBodyMimeType (null) text/plain text/html text/css text/xml
+
+ # XXX Add knobs for these
+ SecUploadDir /var/spool/apache/private
+ SecUploadKeepFiles Off
+
+ # XXX Add knobs for these
# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis
SecAuditEngine RelevantOnly
+ # XXX Add knobs for these
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
+ # XXX Add knobs for these
# Unicode encoding check
SecFilterCheckUnicodeEncoding On
+ # XXX Add knobs for these
# Only allow bytes from this range
SecFilterForceByteRange 1 255