author | Renato Botelho <garga@FreeBSD.org> | 2014-10-06 09:44:25 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-10-06 09:44:25 -0300 |
commit | 4b281686f5457caa8eac914b6d4f75862f273779 (patch) | |
tree | ffed983a54d3057944a0b814277433249068d8f1 /config/apache_mod_security-dev | |
parent | e7fc39212e4b7e5b84b6d4ce7fc679742641ce4b (diff) | |
parent | 2c3d4ed6fe3ca3c4a705280b18d07063ed25fa3f (diff) | |
download | pfsense-packages-4b281686f5457caa8eac914b6d4f75862f273779.tar.gz pfsense-packages-4b281686f5457caa8eac914b6d4f75862f273779.tar.bz2 pfsense-packages-4b281686f5457caa8eac914b6d4f75862f273779.zip |
Merge pull request #697 from darksoul42/master
Diffstat (limited to 'config/apache_mod_security-dev')
-rw-r--r-- | config/apache_mod_security-dev/apache_mod_security.inc | 74 | ||||
-rw-r--r-- | config/apache_mod_security-dev/apache_virtualhost.xml | 87 |
2 files changed, 93 insertions, 68 deletions
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 5d1e51bb..1ef78819 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -450,30 +450,6 @@ function generate_apache_configuration() { #load conf template include("/usr/local/pkg/apache_balancer.template"); - if (APACHEVERSION == 'apache22') { # Only define this here for apache22 - #check balancer members - foreach ($config['installedpackages']['apachebalancer']['config'] as $balancer){ - if (is_array($balancer['row']) && $balancer['enable'] == 'on'){ - $balancer_config.="# {$balancer['description']}\n"; - $balancer_config.="<Proxy balancer://{$balancer['name']}>\n"; - foreach($balancer['row'] as $server){ - $options =($server['port'] ? ":{$server['port']}" : ""); - $options.=($server['routeid'] ? " route={$server['routeid']}" : ""); - $options.=($server['loadfactor'] ? " loadfactor={$server['loadfactor']}" : ""); - if (isset($server['ping']) && $server['ping']!=""){ - $options.= " ping={$server['ping']}"; - $options.=($server['ttl'] ? " ttl={$server['ttl']}" : ""); - } - $balancer_config.=" BalancerMember {$balancer['proto']}://{$server['host']}{$options}\n"; - } - #check if stick connections are set - if ($balancer['row'][0]['routeid'] !="") - $balancer_config.=" ProxySet stickysession=ROUTEID\n"; - $balancer_config.="</Proxy>\n\n"; - } - } - } - //write balancer conf file_put_contents(APACHEDIR."/etc/" . APACHEVERSION . "/Includes/balancers.conf",$balancer_config,LOCK_EX); } 
@@ -565,10 +541,14 @@ EOF; #check ssl if(isset($virtualhost["ssl_cert"]) && $virtualhost["ssl_cert"] !="none" && $virtualhost["proto"] == "https") { - $vh_config.= " SSLEngine on\n SSLProtocol all -SSLv2\n SSLProxyEngine on\n SSLProxyVerify none\n"; - $vh_config.= " SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\n"; + $vh_config.= " SSLEngine on\n"; + $vh_config.= " SSLProtocol ". ($virtualhost['ssl_protocol'] ? $virtualhost['ssl_protocol'] : "all -SSLv2") ."\n"; + $vh_config.= " SSLProxyEngine ". ($virtualhost['ssl_proxy_engine'] ? "on" : "off") ."\n"; + $vh_config.= " SSLProxyVerify ". ($virtualhost['ssl_proxy_verify'] ? $virtualhost['ssl_proxy_verify'] : "none") ."\n"; + $vh_config.= " SSLCipherSuite ". ($virtualhost['ssl_cipher_suite'] ? $virtualhost['ssl_cipher_suite'] : "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL") ."\n"; + $vh_config.= " SSLHonorCipherOrder ". ($virtualhost['ssl_honor_cipher_order'] ? "on" : "off") ."\n"; - $svr_cert = lookup_cert($virtualhost["ssl_cert"]); + $svr_cert = lookup_cert($virtualhost["ssl_cert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['crt'])) { file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.crt",apache_textarea_decode($svr_cert['crt']),LOCK_EX); @@ -589,7 +569,7 @@ EOF; file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX); $vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["reverse_int_ca"]}.crt\n"; } - } + } #Custom Options $vh_config.= apache_textarea_decode($virtualhost['custom'])."\n\n"; 
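Review bot: The new `ssl_protocol`, `ssl_proxy_verify` and `ssl_cipher_suite` values are concatenated into `$vh_config` exactly as stored, so a value containing a newline or an extra token would be written into the generated Apache configuration as a directive of its own; the two free-text fields should be checked against a tight character allowlist before use, e.g. `if (!preg_match('/\A[A-Za-z0-9+!:@_.\- ]+\z/', $virtualhost['ssl_cipher_suite'])) { $virtualhost['ssl_cipher_suite'] = ''; }` (and the same for `ssl_protocol`) so that the built-in default is emitted instead. A second effect worth a comment: `SSLProxyEngine` and `SSLHonorCipherOrder` now come out as `off` whenever the key is absent, which is presumably the case for every virtualhost saved before this change since a form default only applies to newly edited entries, so existing HTTPS backends would silently lose the previous hard-coded `SSLProxyEngine on`; treating a missing `ssl_proxy_engine` key as `on` (`isset($virtualhost['ssl_proxy_engine']) && !$virtualhost['ssl_proxy_engine'] ? "off" : "on"`, or a one-time config upgrade) would keep upgrades compatible. The enclosing function starts and ends outside the hunk.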
@@ -599,28 +579,26 @@ EOF; $backend=$apache_location[$be['location']]; $vh_config.="# {$backend['name']}\n"; - if (APACHEVERSION == 'apache24') { # Only define this here for apache24 - foreach ($config['installedpackages']['apachebalancer']['config'] as $balancer){ - if (is_array($balancer['row']) && $balancer['enable'] == 'on' && $balancer['name'] == $backend['balancer']){ - $vh_config.="# {$balancer['description']}\n"; - $vh_config.=" <Proxy balancer://{$balancer['name']}>\n"; - foreach($balancer['row'] as $balancer_server){ - $balancer_options =($balancer_server['port'] ? ":{$balancer_server['port']}" : ""); - - $balancer_options.=($balancer_server['routeid'] ? " route={$balancer_server['routeid']}" : ""); - $balancer_options.=($balancer_server['loadfactor'] ? " loadfactor={$balancer_server['loadfactor']}" : ""); - if (isset($balancer_server['ping']) && $balancer_server['ping']!=""){ - $balancer_options.= " ping={$balancer_server['ping']}"; - $balancer_options.=($server['ttl'] ? " ttl={$balancer_server['ttl']}" : ""); - } - $vh_config.=" BalancerMember {$balancer['proto']}://{$balancer_server['host']}{$balancer_options}\n"; + foreach ($config['installedpackages']['apachebalancer']['config'] as $balancer){ + if (is_array($balancer['row']) && $balancer['enable'] == 'on' && $balancer['name'] == $backend['balancer']){ + $vh_config.="# {$balancer['description']}\n"; + $vh_config.=" <Proxy balancer://{$balancer['name']}>\n"; + foreach($balancer['row'] as $balancer_server){ + $balancer_options =($balancer_server['port'] ? ":{$balancer_server['port']}" : ""); + + $balancer_options.=($balancer_server['routeid'] ? " route={$balancer_server['routeid']}" : ""); + $balancer_options.=($balancer_server['loadfactor'] ? " loadfactor={$balancer_server['loadfactor']}" : ""); + if (isset($balancer_server['ping']) && $balancer_server['ping']!=""){ + $balancer_options.= " ping={$balancer_server['ping']}"; + $balancer_options.=($server['ttl'] ? 
" ttl={$balancer_server['ttl']}" : ""); } - #check if stick connections are set - if ($balancer['row'][0]['routeid'] !="") - $vh_config.=" ProxySet stickysession=ROUTEID\n"; - $vh_config.=" </Proxy>\n\n"; - break; + $vh_config.=" BalancerMember {$balancer['proto']}://{$balancer_server['host']}{$balancer_options}\n"; } + #check if stick connections are set + if ($balancer['row'][0]['routeid'] !="") + $vh_config.=" ProxySet stickysession=ROUTEID\n"; + $vh_config.=" </Proxy>\n\n"; + break; } } diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 8558c490..ca448cd2 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml 
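Review bot: The re-added `ttl` line tests `$server['ttl']` but interpolates `$balancer_server['ttl']`; `$server` is not assigned anywhere visible in this loop (it was the loop variable of the apache22 block removed earlier in this merge), so the `ttl=` option is presumably never emitted and the read would raise an undefined-variable notice. The condition should read `$balancer_options.=($balancer_server['ttl'] ? " ttl={$balancer_server['ttl']}" : "");`. The `$balancer['name']` and `$balancer['description']` values written into the `<Proxy>` block are likewise used unescaped, so a newline in either would break out of the comment or directive; they deserve the same character-class check as the other operator-supplied fields. The enclosing function and the surrounding `foreach` over backends begin and end outside this hunk.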
@@ -257,6 +257,72 @@ <type>input</type> </field> <field> + <fielddescr> + <![CDATA[Location(s)]]> + </fielddescr> + <fieldname>locations</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr><![CDATA[Location]]></fielddescr> + <fieldname>location</fieldname> + <description>Server Location</description> + <source><![CDATA[$config['installedpackages']['apachelocation']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <show_disable_value>none</show_disable_value> + <type>select_source</type> + </rowhelperfield> + </rowhelper> + </field> + <field> + <name>SSL Environment</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>SSL Protocol</fielddescr> + <fieldname>ssl_protocol</fieldname> + <size>50</size> + <description><![CDATA[Enter the SSL protocol versions allowed (default: all -SSLv2)]]></description> + <type>input</type> + <default_value>all -SSLv2</default_value> + </field> + <field> + <fielddescr>SSL Cipher Suite</fielddescr> + <fieldname>ssl_cipher_suite</fieldname> + <size>50</size> + <description><![CDATA[Configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. 
(default: ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL)]]></description> + <type>input</type> + <default_value>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL</default_value> + </field> + <field> + <fielddescr>SSL Honor Cipher Order</fielddescr> + <fieldname>ssl_honor_cipher_order</fieldname> + <description><![CDATA[Forces the server's preferences to be used in a SSLv3/TLSv1 handshake (default: off)]]></description> + <default_value>off</default_value> + <type>checkbox</type> + </field> + <field> + <fielddescr>SSL Proxy Engine</fielddescr> + <fieldname>ssl_proxy_engine</fieldname> + <description><![CDATA[Enables the SSL proxy engine for the current virtualhost (default: on)]]></description> + <default_value>on</default_value> + <type>checkbox</type> + </field> + <field> + <fielddescr>SSL Proxy Verify</fielddescr> + <fieldname>ssl_proxy_verify</fieldname> + <description><![CDATA[When a proxy is configured to forward requests to a remote SSL server, this directive can be used to configure certificate verification of the remote server. ]]></description> + <type>select</type> + <options> + <option><name>None</name><value>none</value></option> + <option><name>Optional (remote server MAY present a valid certificate)</name><value>optional</value></option> + <option><name>Require (remote server HAS to present a valid certificate)</name><value>require</value></option> + <option><name>Optional, without CA (remote server may present a valid certificate, but it need not be (successfully) verifiable)</name><value>optional_no_ca</value></option> + </options> + <default_value>none</default_value> + </field> + <field> <fielddescr>HTTPS SSL certificate</fielddescr> <fieldname>ssl_cert</fieldname> <description>Choose the SSL Server Certificate here.</description> 
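Review bot: The `default_value` offered for `ssl_cipher_suite` contains `+LOW`, `+SSLv2`, `+EXP` and `+eNULL`, i.e. it explicitly re-enables export-grade and null-encryption ciphers, and the `ssl_protocol` default `all -SSLv2` still admits SSLv3; these strings were the hard-coded values before, but now that they are surfaced as form defaults they should be hardened, for example `HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4` and `all -SSLv2 -SSLv3` (illustrative values, to be matched to the installed OpenSSL). Both fields are plain `input` elements, so whatever is typed reaches the generated Apache configuration verbatim; `ssl_protocol` has a small fixed vocabulary and would be safer as a `select` over the known protocol tokens, with `ssl_cipher_suite` validated on save. The `ssl_proxy_engine` description states "(default: on)", which only holds for entries saved through this form; a note such as `Existing virtualhosts without this setting are treated as off by the generator` would avoid surprising upgrades.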
@@ -287,25 +353,6 @@ <show_disable_value>none</show_disable_value> </field> <field> - <fielddescr> - <![CDATA[Location(s)]]> - </fielddescr> - <fieldname>locations</fieldname> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fielddescr><![CDATA[Location]]></fielddescr> - <fieldname>location</fieldname> - <description>Server Location</description> - <source><![CDATA[$config['installedpackages']['apachelocation']['config']]]></source> - <source_name>name</source_name> - <source_value>name</source_value> - <show_disable_value>none</show_disable_value> - <type>select_source</type> - </rowhelperfield> - </rowhelper> - </field> - <field> <name>Logging</name> <type>listtopic</type> </field> @@ -315,7 +362,7 @@ <description><![CDATA[When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.]]></description> <type>checkbox</type> </field> - <field> + <field> <fielddescr>Log file</fielddescr> <fieldname>logfile</fieldname> <description><![CDATA[Enable access and error log for this virtual host.]]></description> |