authorStephane Lapie <stephane.lapie@asahinet.com>2013-11-13 12:29:45 +0900
committerStephane Lapie <stephane.lapie@asahinet.com>2013-11-13 12:37:28 +0900
commitb0e3cc67b5ac508aade428fbbddf1b90df05b696 (patch)
treea33e04790b7498e27ae342449dc9fd8c339c4fc4 /config/apache_mod_security-dev
parentdc36992067d3aa78702c493b47baa2c58f98f7fd (diff)
Add XMLRPC sync, vhost location custom settings
- Typo: Lots of typo fixes and re-indenting - XMLRPC: Added actual code for XMLRPC (not 100% functional, remote reload fails) - VirtualHost: Added custom settings for Locations (for SSLRequire & such) - Settings: Use interfaces instead of manual input IP address
Diffstat (limited to 'config/apache_mod_security-dev')
-rw-r--r--config/apache_mod_security-dev/apache.template4
-rwxr-xr-xconfig/apache_mod_security-dev/apache_balancer.xml87
-rw-r--r--config/apache_mod_security-dev/apache_edit_virtualhost_location.php205
-rw-r--r--config/apache_mod_security-dev/apache_logs_data.php2
-rw-r--r--config/apache_mod_security-dev/apache_mod_security.inc192
-rw-r--r--config/apache_mod_security-dev/apache_mod_security.template4
-rw-r--r--config/apache_mod_security-dev/apache_mod_security_groups.xml20
-rw-r--r--config/apache_mod_security-dev/apache_mod_security_manipulation.xml2
-rwxr-xr-xconfig/apache_mod_security-dev/apache_mod_security_sync.xml26
-rwxr-xr-xconfig/apache_mod_security-dev/apache_mod_security_view_logs.php2
-rw-r--r--config/apache_mod_security-dev/apache_settings.xml20
-rw-r--r--config/apache_mod_security-dev/apache_view_logs.php6
-rw-r--r--config/apache_mod_security-dev/apache_virtualhost.xml195
13 files changed, 573 insertions, 192 deletions
diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache.template
index 12a36b69..ab981a9e 100644
--- a/config/apache_mod_security-dev/apache.template
+++ b/config/apache_mod_security-dev/apache.template
@@ -6,7 +6,7 @@
}
if($mods_settings['enablemodsecurity']=="on")
$mod_security_module= "LoadModule security2_module libexec/apache22/mod_security2.so\n";
-
+
$apache_dir=APACHEDIR;
$apache_config = <<<EOF
##################################################################################
@@ -513,4 +513,4 @@ Include etc/apache22/Includes/*.conf
EOF;
-?> \ No newline at end of file
+?>
diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml
index 16779158..7cb9774b 100755
--- a/config/apache_mod_security-dev/apache_balancer.xml
+++ b/config/apache_mod_security-dev/apache_balancer.xml
@@ -75,7 +75,7 @@
<active/>
</tab>
<tab>
- <text>Virutal Hosts</text>
+ <text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
</tab>
@@ -102,7 +102,7 @@
<columnitem>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- </columnitem>
+ </columnitem>
<movable>on</movable>
</adddeleteeditpagefields>
<fields>
@@ -136,65 +136,64 @@
<fieldname>proto</fieldname>
<description><![CDATA[Protocol listening on this internal server(s) port.]]></description>
<type>select</type>
- <options>
- <option> <name>HTTP</name> <value>http</value> </option>
- <option> <name>HTTPS</name> <value>https</value> </option>
- </options>
- </field> <field>
+ <options>
+ <option> <name>HTTP</name> <value>http</value> </option>
+ <option> <name>HTTPS</name> <value>https</value> </option>
+ </options>
+ </field>
+ <field>
<name><![CDATA[Internal Server(s)]]></name>
<type>listtopic</type>
</field>
-<field>
- <fielddescr>
- <![CDATA[Internal Servers]]>
- </fielddescr>
+ <field>
+ <fielddescr><![CDATA[Internal Servers]]></fielddescr>
<fieldname>additionalparameters</fieldname>
- <type>rowhelper</type>
+ <type>rowhelper</type>
<dontdisplayname/>
<usecolspan2/>
<movable>on</movable>
- <rowhelper>
+ <rowhelper>
<rowhelperfield>
- <fielddescr>fqdn or ip</fielddescr>
- <fieldname>host</fieldname>
- <description>Internal site IP or Hostnamesite</description>
- <type>input</type>
- <size>27</size>
+ <fielddescr>FQDN or IP Address</fielddescr>
+ <fieldname>host</fieldname>
+ <description>Internal site IP or Hostnamesite</description>
+ <type>input</type>
+ <size>27</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>port</fielddescr>
- <fieldname>port</fieldname>
- <description>Internal site port</description>
- <type>input</type>
- <size>5</size>
+ <fielddescr>port</fielddescr>
+ <fieldname>port</fieldname>
+ <description>Internal site port</description>
+ <type>input</type>
+ <size>5</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>routeid</fielddescr>
- <fieldname>routeid</fieldname>
- <description>id to define stick connections</description>
- <type>input</type>
- <size>6</size>
+ <fielddescr>routeid</fielddescr>
+ <fieldname>routeid</fieldname>
+ <description>ID to define sticky connections</description>
+ <type>input</type>
+ <size>6</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>weight</fielddescr>
- <fieldname>loadfactor</fieldname>
- <description>Server weight</description>
- <type>input</type>
- <size>6</size>
+ <fielddescr>weight</fielddescr>
+ <fieldname>loadfactor</fieldname>
+ <description>Server weight</description>
+ <type>input</type>
+ <size>4</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>ping</fielddescr>
- <fieldname>ping</fieldname>
- <description>Server ping test interval</description>
- <type>input</type>
- <size>6</size>
+ <fielddescr>ping</fielddescr>
+ <fieldname>ping</fieldname>
+ <description>Server ping test interval</description>
+ <type>input</type>
+ <size>6</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>ttl</fielddescr>
- <fieldname>ttl</fieldname>
- <description>Server pint ttl</description>
- <type>input</type>
- <size>6</size>
+ <fielddescr>ttl</fielddescr>
+ <fieldname>ttl</fieldname>
+ <description>Server ping TTL</description>
+ <type>input</type>
+ <size>6</size>
</rowhelperfield>
</rowhelper>
</field>
@@ -203,4 +202,4 @@
<custom_php_resync_config_command>
apache_mod_security_resync();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php
new file mode 100644
index 00000000..5448f850
--- /dev/null
+++ b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php
@@ -0,0 +1,205 @@
+<?php
+/* ========================================================================== */
+/*
+ apache_view_logs.php
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2012 Carlos Cesario
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code MUST retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form MUST reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+
+require_once("/etc/inc/util.inc");
+require_once("/etc/inc/functions.inc");
+require_once("/etc/inc/pkg-utils.inc");
+require_once("/etc/inc/globals.inc");
+require_once("guiconfig.inc");
+require_once("apache_mod_security.inc");
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+if(strstr($pfSversion, "1.2"))
+ $one_two = true;
+
+$pgtitle = "Apache reverse proxy: Apache VirtualHost Location";
+
+$virtualhost_id = $_GET['virtualhost_id'];
+if (isset($_POST['virtualhost_id']))
+ $virtualhost_id = $_POST['virtualhost_id'];
+
+$backend_id = $_GET['backend_id'];
+if (isset($_POST['backend_id']))
+ $backend_id = $_POST['backend_id'];
+
+if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]))
+ $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id];
+if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id]))
+ $backend = &$virtualhost['row'][$backend_id];
+
+/*
+ * Not having a virtualhost->backend entry means we can't do this.
+ */
+if (! $backend) {
+ $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist.");
+}
+
+
+if ($_POST) {
+ unset($input_errors);
+
+ /*
+ * Check for a valid expirationdate if one is set at all (valid means,
+ * DateTime puts out a time stamp so any DateTime compatible time
+ * format may be used. to keep it simple for the enduser, we only
+ * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
+ * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
+ * Otherwhise such an entry would lead to an invalid expiration data.
+ */
+ if ($_POST['expires']) {
+ try {
+ $expdate = new DateTime($_POST['expires']);
+ //convert from any DateTime compatible date to MM/DD/YYYY
+ $_POST['expires'] = $expdate->format("m/d/Y");
+ } catch ( Exception $ex ) {
+ $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
+ }
+ }
+
+ /* if this is an AJAX caller then handle via JSON */
+ if (isAjax() && is_array($input_errors)) {
+ input_errors2Ajax($input_errors);
+ exit;
+ }
+
+ if (!$input_errors) {
+ if ($_POST['custom'])
+ $backend['custom'] = base64_encode($_POST['custom']);
+ else
+ unset($backend['custom']);
+
+ write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'");
+ apache_mod_security_resync();
+ pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}");
+ }
+}
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+
+<?php if($one_two): ?>
+
+ <p class="pgtitle"><?=$pgtitle?></font></p>
+
+<?php endif; ?>
+
+<?php
+ if ($input_errors)
+ print_input_errors($input_errors);
+ if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<div id="mainlevel">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Apache"), true, "/pkg_edit.php?xml=apache_settings.xml&amp;id=0");
+ $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml");
+ $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml");
+ display_top_tabs($tab_array);
+ ?>
+ </td></tr>
+ <tr><td>
+ <?php
+ unset ($tab_array);
+ $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml");
+ $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml");
+ $tab_array[] = array(gettext("Virtual Hosts"), true, "/pkg.php?xml=apache_virtualhost.xml");
+ $tab_array[] = array(gettext("Logs"), false, "/apache_view_logs.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td></tr>
+ <tr><td>
+ <div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; ">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"><tbody>
+ <form action="apache_edit_virtualhost_location.php" id="paramsForm" name="paramsForm" method="post">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Primary Site Hostname</td>
+ <td width="78%" class="vtable">
+ <span class="vexpl">
+ <?=base64_decode($virtualhost['primarysitehostname']);?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Current Site Path</td>
+ <td width="78%" class="vtable">
+ <span class="vexpl">
+ <?=$backend['sitepath'];?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Location Custom Settings");?></td>
+ <td width="78%" class="vtable">
+ <textarea name='custom' rows='10' cols='65' id='custom'><?=base64_decode($backend['custom']);?></textarea>
+ <br/>
+ <span class="vexpl">
+ <?=gettext("Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.");?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+<?php if (isset($virtualhost_id)): ?>
+ <input name="virtualhost_id" type="hidden" value="<?=$virtualhost_id;?>" />
+<?php endif;?>
+<?php if (isset($backend_id)): ?>
+ <input name="backend_id" type="hidden" value="<?=$backend_id;?>" />
+<?php endif;?>
+ <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
+ <input id="cancel" name="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" />
+ </td>
+ </tr>
+ </form>
+ </tbody></table>
+ </div>
+ </td></tr>
+ </table>
+</div>
+
+
+<?php
+include("fend.inc");
+?>
+
+</body>
+</html>
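Review bot: The request-supplied `virtualhost_id` and `backend_id` are echoed into the hidden inputs near the end of the form without escaping, and the stored `custom` text and `sitepath` are printed raw as well, so markup in any of them is rendered by the browser. Wrap each in `htmlspecialchars()`, e.g. `value="<?=htmlspecialchars($virtualhost_id);?>"` and `<?=htmlspecialchars(base64_decode($backend['custom']));?>`. Separately, `unset($input_errors);` at the top of the `if ($_POST)` block discards the "does not exist" error set just above it, so a POST with an unknown id still reaches `write_config()` and `apache_mod_security_resync()` with `$backend` not bound to any config entry; drop the unset and let the existing `if (!$input_errors)` guard stop the save. The expiration-date check looks carried over from another page, since this form has no `expires` field.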
diff --git a/config/apache_mod_security-dev/apache_logs_data.php b/config/apache_mod_security-dev/apache_logs_data.php
index 256ff144..fdcc04b0 100644
--- a/config/apache_mod_security-dev/apache_logs_data.php
+++ b/config/apache_mod_security-dev/apache_logs_data.php
@@ -92,7 +92,7 @@ if ($_GET) {
// Apply filter and color
if ($filter != "")
$line = preg_replace("@($filter)@i","<spam><font color='red'>$1</font></span>",$line);
- $agent_info="onmouseover=\"jQuery('#bowserinfo').empty().html('{$line[13]}');\"\n";
+ $agent_info="onmouseover=\"jQuery('#browserinfo').empty().html('{$line[13]}');\"\n";
echo "<tr valign=\"top\" $agent_info>\n";
echo "<td class=\"listlr\" align=\"center\" nowrap>{$line[5]}({$line[6]})</td>\n";
echo "<td class=\"listr\" align=\"center\">{$line[1]}</td>\n";
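Review bot: The corrected line still interpolates `{$line[13]}` straight into a single-quoted JavaScript string inside the `onmouseover` attribute and then passes it to `.html()`. If that field is taken from the request log (it looks like the client's user-agent string, which should be confirmed against the parsing code outside this hunk), a quote or tag in it reaches the admin's browser as markup rather than text. Each log field should go through `htmlspecialchars()` before the highlight `preg_replace` adds its own markup, and the handler argument should be produced with `json_encode()` and attribute-escaped instead of being placed between literal quotes. The enclosing loop starts and ends outside the hunk.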
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index f21dcbdc..c9ab05e8 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -4,6 +4,7 @@
part of apache_mod_security package (http://www.pfSense.com)
Copyright (C) 2009, 2010 Scott Ullrich
Copyright (C) 2012-2013 Marcello Coutinho
+ Copyright (C) 2013 Stephane Lapie <stephane.lapie@asahinet.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,6 +28,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+
$shortcut_section = "apache";
// Check to find out on which system the package is running
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
@@ -123,6 +125,7 @@ function apache_mod_security_resync() {
global $config, $g;
apache_mod_security_install();
$dirs=array("base", "experimental","optional", "slr");
+ log_error("apache_mod_security_package: configuration resync is starting.");
if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")){
exec ("/usr/local/bin/git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git ".APACHEDIR."/".MODSECURITY_DIR);
//chdir (APACHEDIR."/".MODSECURITY_DIR);
@@ -136,14 +139,165 @@ function apache_mod_security_resync() {
while (false !== ($entry = readdir($handle))) {
if (preg_match("/(\S+).conf$/",$entry,$matches))
$config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]);
- }
- closedir($handle);
- }
}
+ closedir($handle);
+ }
+ }
if ($write_config > 0)
write_config();
apache_mod_security_checkconfig();
apache_mod_security_restart();
+ log_error("apache_mod_security_package: configuration resync is ending.");
+
+ if (is_array($config['installedpackages']['apachesync']['config'])){
+ $apache_sync = $config['installedpackages']['apachesync']['config'][0];
+ $synconchanges = $apache_sync['synconchanges'];
+ $synctimeout = $apache_sync['synctimeout'];
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($apache_sync[row])){
+ $rs = $apache_sync[row];
+ } else {
+ log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no hosts to push on apache config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ // pfSense 2.0.x
+ $system_carp = $config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ } else if (is_array($config['hasync'])) { // pfSense 2.1
+ $system_carp = $config['hasync'];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ } else {
+ log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no system backup hosts to push apache config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ }
+ if (is_array($rs)){
+ foreach($rs as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ $password = $sh['password'];
+ if ($sh['username'])
+ $username = $sh['username'];
+ else
+ $username = 'admin';
+ if ($password && $sync_to_ip)
+ apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout);
+ }
+ }
+}
+
+// Do the actual XMLRPC Sync
+function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
+ global $config, $g;
+
+ if(!$username)
+ return;
+
+ if(!$password)
+ return;
+
+ if(!$sync_to_ip)
+ return;
+
+ if(!$synctimeout)
+ $synctimeout=250;
+
+ $xmlrpc_sync_neighbor = $sync_to_ip;
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ $xml['apachesettings'] = $config['installedpackages']['apachesettings'];
+ $xml['apachemodsecurity'] = $config['installedpackages']['apachemodsecurity'];
+ $xml['apachemodsecuritysettings'] = $config['installedpackages']['apachemodsecuritysettings'];
+ $xml['apachebalancer'] = $config['installedpackages']['apachebalancer'];
+ $xml['apachevirtualhost'] = $config['installedpackages']['apachevirtualhost'];
+ $xml['apachelisten'] = $config['installedpackages']['apachelisten'];
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ log_error("apache_mod_security_package: Beginning apache_mod_security XMLRPC sync to {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after defined sync timeout value*/
+ $resp = $cli->send($msg, $synctimeout);
+ if(!$resp) {
+ $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "apache_mod_security Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "apache_mod_security Settings Sync", "");
+ } else {
+ log_error("apache_mod_security_package: XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* tell apache_mod_security to reload our settings on the destination sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('/usr/local/pkg/apache_mod_security.inc');\n";
+ $execcmd .= "apache_mod_security_resync();";
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("apache_mod_security_package: XMLRPC reload data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
+ if(!$resp) {
+ $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "apache_mod_security Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "apache_mod_security Settings Sync", "");
+ } else {
+ log_error("apache_mod_security XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ }
+
+
}
function apache_mod_security_checkconfig() {
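Review bot: After a communications error or fault on the `pfsense.merge_installedpackages_section_xmlrpc` call, `apache_mod_security_do_xmlrpc_sync()` only logs and then still sends the `pfsense.exec_php` reload to the peer; add `return;` after the `file_notice(...)` in the first two error branches so the remote resync only runs against a merged config. The target URL is built from the local `webgui` protocol, so when that is `http` the admin password (sent both through `setCredentials()` and as the first XML-RPC parameter) and the package config cross the sync link unencrypted; consider logging a warning or refusing to sync in that case. `$synchronizetoip` is also appended to without being initialised when the protocol is empty, which `$synchronizetoip = "";` before the `if` would fix. In `apache_mod_security_resync()`, `$apache_sync[row]` uses a bare constant and should be `$apache_sync['row']`.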
@@ -197,7 +351,9 @@ function generate_apache_configuration() {
file_notice("apache_mod_security", $error, "apache_mod_security", "");
}
// Set global listening directive and ensure nothing is listening on this port already
- $globalbind_ip = ($settings['globalbindtoipaddr'] ? $settings['globalbindtoipaddr'] : "*");
+ $iface_address = apache_get_real_interface_address($settings['globalbindtoipaddr']);
+ $ip=$iface_address[0];
+ $globalbind_ip = ($ip ? $ip : "*");
$globalbind_port = $settings['globalbindtoport'];
if ($globalbind_port == ""){
$globalbind_port ="80";
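Review bot: When `apache_get_real_interface_address()` yields no address for the selected interface, `$globalbind_ip` silently becomes `*`, so a proxy the admin meant to bind to one interface would listen on every address. The helper is not visible in this diff, so what it returns for the "listen on all" choice needs checking, but a lookup failure should at least be reported, e.g. `if (!$ip && $settings['globalbindtoipaddr'] != "") log_error("apache_mod_security_package: bind interface has no address, listening on all addresses");`. The enclosing `generate_apache_configuration()` starts and ends outside the hunk.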
@@ -311,6 +467,7 @@ function generate_apache_configuration() {
//write balancer conf
file_put_contents(APACHEDIR."/etc/apache22/Includes/balancers.conf",$balancer_config,LOCK_EX);
}
+
// configure modsecurity group options
//chroot apache http://forums.freebsd.org/showthread.php?t=6858
if (is_array($config['installedpackages']['apachemodsecuritygroups'])){
@@ -327,31 +484,32 @@ function generate_apache_configuration() {
}
}
file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX);
-
+
foreach (split(",",$mods_groups['baserules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n";
- }
+ }
foreach (split(",",$mods_groups['optionalrules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n";
- }
+ }
foreach (split(",",$mods_groups['slrrules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n";
- }
+ }
foreach (split(",",$mods_groups['experimentalrules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n";
- }
- $i++;
}
+ $i++;
+ }
if ($write_config > 0)
write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}");
}
//print "<PRE>";
//var_dump($mods_group);
-
+
//mod_security settings
if (is_array($config['installedpackages']['apachemodsecuritysettings'])){
$mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0];
}
+
//configure virtual hosts
$namevirtualhosts=array();
$namevirtualhosts[0]=$global_listen;
@@ -376,7 +534,7 @@ EOF;
$port=($virtualhost['port'] ? $virtualhost['port'] : $default_port[$virtualhost['proto']]);
if (!in_array("{$ip}:{$port}",$namevirtualhosts))
$namevirtualhosts[]="{$ip}:{$port}";
-
+
$vh_config.="# {$virtualhost['description']}\n";
$vh_config.="<VirtualHost {$ip}:{$port}>\n";
$vh_config.=" ServerName ". preg_replace ("/\r\n(\S+)/","\n ServerAlias $1",base64_decode($virtualhost['primarysitehostname'])) ."\n";
@@ -441,6 +599,7 @@ EOF;
}
}
}
+ $vh_config.= apache_textarea_decode($backend['custom'])."\n\n";
$vh_config.=" </Location>\n\n";
}
$vh_config.="</VirtualHost>\n";
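Review bot: The decoded `custom` text is appended verbatim inside the `<Location>` block, so a stray closing tag or an unbalanced section in it changes the scope of everything generated after it for this virtual host. A comment such as `// raw admin-supplied directives, not validated here; relies on the config check before restart` would make that explicit. The line could also be skipped when `$backend['custom']` is empty so that no blank lines are emitted for locations without custom settings. The enclosing loops begin outside the hunk.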
@@ -469,7 +628,6 @@ EOF;
}
}
-
if ($mods_settings!="")
$SecGuardianLog="SecGuardianLog \"|".RULES_DIRECTORY."/util/httpd-guardian\"";
@@ -525,7 +683,7 @@ EOF;
// Read already configured addresses
if (is_array($settings['row'])){
foreach($settings['row'] as $row) {
- if ($row['ipaddress'] && $row['ipport'])
+ if ($row['interface'] && $row['ipport'])
$configuredaliases[] = $row;
}
}
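Review bot: The filter now keys on `$row['interface']`, but the auto-add code in the next hunk still appends rows as `array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1])`, so those rows never satisfy this test. As far as the visible lines show, that leaves them out of `$configuredaliases` and would have them added again on later resyncs. Either write the new rows with an `interface` key or accept both keys here, e.g. `if (($row['interface'] || $row['ipaddress']) && $row['ipport'])`. The surrounding function starts and ends outside the hunk.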
@@ -544,8 +702,8 @@ EOF;
// Automatically add this to configuration
$aplisten=split(":",$namevirtualhost);
$config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]);
- }
}
+ }
// Process Status Page
$mod_status = "";
if ($settings['statuspage'] == "on") {
@@ -554,12 +712,12 @@ EOF;
SetHandler server-status
Order Deny,Allow
Deny from all
-
+
EOF;
$mod_status .= "Allow from ".($settings['netaccessstatus'] ? $settings['netaccessstatus'] : "All")."\n";
$mod_status .= "</Location>\n";
}
-
+
// update configuration with actual ip bindings
write_config($pkg['addedit_string']);
diff --git a/config/apache_mod_security-dev/apache_mod_security.template b/config/apache_mod_security-dev/apache_mod_security.template
index f6ad6e3e..d004a9ae 100644
--- a/config/apache_mod_security-dev/apache_mod_security.template
+++ b/config/apache_mod_security-dev/apache_mod_security.template
@@ -1,6 +1,6 @@
<?php
// Mod_security enabled?
-if($mods_settings['enablemodsecurity']=="on") {
+if($mods_settings['enablemodsecurity']=="on") {
$enable_mod_security = true;
$mod_security = <<< EOF
# -- Rule engine initialization ----------------------------------------------
@@ -209,4 +209,4 @@ SecArgumentSeparator &
SecCookieFormat 0
EOF;
-} \ No newline at end of file
+}
diff --git a/config/apache_mod_security-dev/apache_mod_security_groups.xml b/config/apache_mod_security-dev/apache_mod_security_groups.xml
index 315d2de0..c4651f45 100644
--- a/config/apache_mod_security-dev/apache_mod_security_groups.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_groups.xml
@@ -73,7 +73,7 @@
<tab_level>2</tab_level>
</tab>
</tabs>
- <adddeleteeditpagefields>
+ <adddeleteeditpagefields>
<movable>on</movable>
<columnitem>
<fielddescr>Name</fielddescr>
@@ -87,7 +87,7 @@
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
</columnitem>
-
+
</adddeleteeditpagefields>
<fields>
<field>
@@ -109,7 +109,7 @@
<type>input</type>
<size>45</size>
</field>
-
+
<field>
<fielddescr>Base Rules</fielddescr>
<fieldname>baserules</fieldname>
@@ -202,8 +202,8 @@
<description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description>
<type>textarea</type>
<encoding>base64</encoding>
- <rows>15</rows>
- <cols>90</cols>
+ <rows>15</rows>
+ <cols>90</cols>
</field>
<field>
<name>Custom mod_security ErrorDocument</name>
@@ -217,8 +217,8 @@
<description>Custom mod_security ErrorDocument.</description>
<type>textarea</type>
<encoding>base64</encoding>
- <rows>10</rows>
- <cols>90</cols>
+ <rows>10</rows>
+ <cols>90</cols>
</field>
<field>
<name>Custom mod_security rules</name>
@@ -232,12 +232,12 @@
<description>Paste any custom mod_security rules that you would like to use</description>
<type>textarea</type>
<encoding>base64</encoding>
- <rows>10</rows>
- <cols>90</cols>
+ <rows>10</rows>
+ <cols>90</cols>
</field>
</fields>
<custom_php_resync_config_command>
apache_mod_security_resync();
</custom_php_resync_config_command>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
index ab681c66..7477e540 100644
--- a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
@@ -142,4 +142,4 @@
apache_mod_security_resync();
</custom_php_resync_config_command>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml
index 0d8d8c8f..3e1c0a9c 100755
--- a/config/apache_mod_security-dev/apache_mod_security_sync.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml
@@ -68,8 +68,30 @@
<field>
<fielddescr>Automatically sync apache configuration changes</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Automatically sync apache changes to the hosts defined below.</description>
- <type>checkbox</type>
+ <description>Select a sync method for Apache + ModSecurity.</description>
+ <type>select</type>
+ <required/>
+ <default_value>auto</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Sync timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description>Select sync max wait time</description>
+ <type>select</type>
+ <required/>
+ <default_value>250</default_value>
+ <options>
+ <option><name>250 seconds(Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
+ </options>
</field>
<field>
<fielddescr>Remote Server</fielddescr>
diff --git a/config/apache_mod_security-dev/apache_mod_security_view_logs.php b/config/apache_mod_security-dev/apache_mod_security_view_logs.php
index 1956a217..669c71f4 100755
--- a/config/apache_mod_security-dev/apache_mod_security_view_logs.php
+++ b/config/apache_mod_security-dev/apache_mod_security_view_logs.php
@@ -68,7 +68,7 @@ include("head.inc");
<?php
$tab_array = array();
$tab_array[] = array(gettext("Apache"), false, "/pkg_edit.php?xml=apache_settings.xml&amp;id=0");
- $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_setttings.xml");
+ $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml");
$tab_array[] = array(gettext("Backends"), false, "/pkg.php?xml=apache_mod_security_backends.xml",2);
$tab_array[] = array(gettext("VirtualHosts"), false, "/pkg.php?xml=apache_mod_security.xml",2);
diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml
index 2f089616..6b320452 100644
--- a/config/apache_mod_security-dev/apache_settings.xml
+++ b/config/apache_mod_security-dev/apache_settings.xml
@@ -68,7 +68,7 @@
<tab_level>2</tab_level>
</tab>
<tab>
- <text>Virutal Hosts</text>
+ <text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
</tab>
@@ -93,7 +93,7 @@
<fielddescr>Server hostname</fielddescr>
<fieldname>hostname</fieldname>
<description>
- <![CDATA[Enter the servers hostname<br>
+ <![CDATA[Enter the servers hostname<br/
NOTE: Leave blank to use this devices hostname.]]>
</description>
<type>input</type>
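Review bot: The added line `<![CDATA[Enter the servers hostname<br/` ends in an unterminated `<br/`, where the removed line had a complete `<br>`. The CDATA section keeps the XML well-formed, but if the description is emitted as HTML (which its existing markup suggests), the browser will read the NOTE text that follows as part of the tag and may not display it. Close the tag: `<![CDATA[Enter the servers hostname<br/>`. The same truncation appears in the later hunk at `@@ -293,7 +295,7 @@` (Network Access Status Page), where the affected text is the warning that a blank value allows access from any IP, so that line needs `<br/>` restored as well.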
@@ -102,17 +102,19 @@
<fielddescr>Default Bind to IP Address</fielddescr>
<fieldname>globalbindtoipaddr</fieldname>
<description>
- <![CDATA[This is the IP address the Proxy Server will listen on.<br/>
- NOTE: Leave blank to bind to *]]>
+ <![CDATA[This is the IP address the Proxy Server will listen on.]]>
</description>
- <type>input</type>
+ <type>interfaces_selection</type>
+ <showlistenall/>
+ <showvirtualips/>
+ <showips/>
</field>
<field>
<fielddescr>Default Bind to port</fielddescr>
<fieldname>globalbindtoport</fieldname>
<description>
<![CDATA[This is the port the Proxy Server will listen on.<br>
- NOTE: Leave blank to bind to 80]]>
+ NOTE: Leave blank to bind to 80]]>
</description>
<type>input</type>
<size>5</size>
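Review bot: The description for `globalbindtoipaddr` still reads "This is the IP address the Proxy Server will listen on" although the field is now an `interfaces_selection`, and the removed "Leave blank to bind to *" hint has no replacement explaining the listen-all entry enabled by `<showlistenall/>`. Something like `<![CDATA[Interface or virtual IP the Proxy Server will listen on. Select the listen-all entry only if every interface, including WAN, should accept connections.]]>` would make the exposure explicit. The code that reads this field is outside this hunk, so it is worth confirming that a free-text address saved by the old `input` field is still handled after upgrade rather than silently falling back to all interfaces.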
@@ -281,9 +283,9 @@
<fielddescr>Status Page</fielddescr>
<fieldname>statuspage</fieldname>
<description>
- <![CDATA[Enable a status page for Apache and Mod_proxy. Access http://DefaultBindIP:DefaultBindPort/status-server]]>
+ <![CDATA[Enable a status page for Apache and Mod_proxy. Access http://DefaultBindIP:DefaultBindPort/status-server]]>
</description>
- <type>select</type>
+ <type>select</type>
<options>
<option><name>Disabled (Default)</name><value>off</value></option>
<option><name>Enabled</name><value>on</value></option>
@@ -293,7 +295,7 @@
<fielddescr>Network Access Status Page</fielddescr>
<fieldname>netaccessstatus</fieldname>
<description>
- <![CDATA[Networks that can access apache status page. Ex: 172.16.1.0/24<br/>
+ <![CDATA[Networks that can access apache status page. Ex: 172.16.1.0/24<br/
NOTE: Leave blank to allow access from any ip.(Not recommended for security reasons)]]>
</description>
<type>input</type>
diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php
index 77c14176..494f37cd 100644
--- a/config/apache_mod_security-dev/apache_view_logs.php
+++ b/config/apache_mod_security-dev/apache_view_logs.php
@@ -42,7 +42,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
if(strstr($pfSversion, "1.2"))
$one_two = true;
-$pgtitle = "Status: Apache Vhosts Logs";
+$pgtitle = "Status: Apache VirtualHost Logs";
include("head.inc");
?>
@@ -171,8 +171,8 @@ function showLog(content,url,logtype)
</tbody>
</table>
</form>
- <div id="bowserinfo" style='padding: 5px; border: 1px dashed #990000; font-weight:bold; font-size: 0.9em; text-align: center; margin: 1px; display:block; height: 12px;'>
- <span><span>
+ <div id="browserinfo" style='padding: 5px; border: 1px dashed #990000; font-weight:bold; font-size: 0.9em; text-align: center; margin: 1px; display:block; height: 12px;'>
+ <span></span>
</div>
<!-- Squid Table -->
<table width="100%" border="0" cellpadding="0" cellspacing="0">
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index b3653bdf..53478721 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -4,40 +4,41 @@
<packagegui>
<copyright>
<![CDATA[
- /* $Id$ */
- /* ========================================================================== */
- /*
- apache_virtualhost.xml
- part of apache_mod_security package (http://www.pfSense.com)
- Copyright (C)2009, 2010 Scott Ullrich
- Copyright (C)2012 Marcello Coutinho
- All rights reserved.
- */
- /* ========================================================================== */
- /*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+/* $Id$ */
+/* ========================================================================== */
+/*
+ apache_virtualhost.xml
+ part of apache_mod_security package (http://www.pfSense.com)
+ Copyright (C)2009, 2010 Scott Ullrich
+ Copyright (C)2012 Marcello Coutinho
+ Copyright (C)2013 Stephane Lapie <stephane.lapie@asahinet.com>
+ All rights reserved.
+*/
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code MUST retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form MUST reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form MUST reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
- /* ========================================================================== */
- ]]>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ========================================================================== */
+]]>
</copyright>
<name>apachevirtualhost</name>
<version>1.0</version>
@@ -143,7 +144,7 @@
<tab_level>2</tab_level>
</tab>
<tab>
- <text>Virutal Hosts</text>
+ <text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
<active/>
@@ -201,17 +202,14 @@
<description>Select protocols that this virtual host will accept connections</description>
<type>select</type>
<options>
- <option><name>HTTP</name><value>http</value></option>
- <option><name>HTTPS</name><value>https</value></option>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
</options>
</field>
<field>
<fielddescr>Server Name(s)</fielddescr>
<fieldname>primarysitehostname</fieldname>
- <description>
- <![CDATA[Enter hostnames one per line in FQDN format for this website (e.g. www.example.com)<br/>
- Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]>
- </description>
+ <description><![CDATA[Enter hostnames one per line in FQDN format for this website (e.g. www.example.com)<br/>Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]></description>
<cols>40</cols>
<rows>2</rows>
<type>textarea</type>
@@ -238,27 +236,21 @@
<fielddescr>Site Webmaster E-Mail address</fielddescr>
<fieldname>siteemail</fieldname>
<size>50</size>
- <description>
- <![CDATA[
- Enter the Webmaster E-Mail address for this site.
- ]]>
- </description>
+ <description><![CDATA[Enter the Webmaster E-Mail address for this site.]]></description>
<type>input</type>
</field>
<field>
<fielddescr>Site description</fielddescr>
<fieldname>description</fieldname>
<size>50</size>
- <description>
- <![CDATA[Enter a site description]]>
- </description>
+ <description><![CDATA[Enter a site description]]></description>
<type>input</type>
</field>
<field>
<fielddescr>HTTPS SSL certificate</fielddescr>
<fieldname>ssl_cert</fieldname>
<description>Choose the SSL Server Certificate here.</description>
- <type>select_source</type>
+ <type>select_source</type>
<source><![CDATA[$config['cert']]]></source>
<source_name>descr</source_name>
<source_value>refid</source_value>
@@ -283,62 +275,62 @@
<![CDATA[Location(s)]]>
</fielddescr>
<fieldname>locations</fieldname>
- <type>rowhelper</type>
- <dontdisplayname/>
+ <type>rowhelper</type>
+ <dontdisplayname/>
<usecolspan2/>
<movable>on</movable>
- <rowhelper>
+ <rowhelper>
<rowhelperfield>
- <fielddescr><![CDATA[gzip?]]></fielddescr>
- <fieldname>compress</fieldname>
- <description>Compress data to save bandwidth?</description>
+ <fielddescr><![CDATA[gzip?]]></fielddescr>
+ <fieldname>compress</fieldname>
+ <description>Compress data to save bandwidth?</description>
<type>select</type>
<options>
- <option><name>yes</name><value>yes</value></option>
- <option><name>no</name><value>no</value></option>
+ <option><name>yes</name><value>yes</value></option>
+ <option><name>no</name><value>no</value></option>
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr><![CDATA[site path]]></fielddescr>
- <fieldname>sitepath</fieldname>
- <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
- <type>input</type>
- <size>12</size>
+ <fielddescr><![CDATA[Site Path]]></fielddescr>
+ <fieldname>sitepath</fieldname>
+ <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
+ <type>input</type>
+ <size>12</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr><![CDATA[Balancer]]></fielddescr>
- <fieldname>balancer</fieldname>
- <description>Server balancer / pool</description>
+ <fieldname>balancer</fieldname>
+ <description>Server balancer / pool</description>
<source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
<show_disable_value>none</show_disable_value>
<type>select_source</type>
- <size>5</size>
+ <size>5</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LbMethod</a>]]></fielddescr>
- <fieldname>lbmethod</fieldname>
- <description>Server balance method</description>
- <type>select</type>
- <options>
- <option><name>byrequests</name><value>byrequests</value></option>
- <option><name>bytraffic</name><value>bytraffic</value></option>
- <option><name>bybusyness</name><value>bybusyness</value></option>
+ <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr>
+ <fieldname>lbmethod</fieldname>
+ <description>Server balance method</description>
+ <type>select</type>
+ <options>
+ <option><name>byrequests</name><value>byrequests</value></option>
+ <option><name>bytraffic</name><value>bytraffic</value></option>
+ <option><name>bybusyness</name><value>bybusyness</value></option>
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Backend path</fielddescr>
- <fieldname>backendpath</fieldname>
- <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
- <type>input</type>
- <size>12</size>
+ <fielddescr>Backend Path</fielddescr>
+ <fieldname>backendpath</fieldname>
+ <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
+ <type>input</type>
+ <size>12</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr><![CDATA[ModSecurity]]></fielddescr>
<fieldname>modsecgroup</fieldname>
- <description>Choose Modsecurity group to use on this virtual host.</description>
- <type>select_source</type>
+ <description>Choose ModSecurity group to use on this virtual host.</description>
+ <type>select_source</type>
<source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
@@ -348,20 +340,29 @@
<fielddescr><![CDATA[Manipulations]]></fielddescr>
<fieldname>modsecmanipulation</fieldname>
<description>Choose Modsecurity group to use on this virtual host.</description>
- <type>select_source</type>
+ <type>select_source</type>
<source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
<show_disable_value>none</show_disable_value>
</rowhelperfield>
<rowhelperfield>
- <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>&nbsp;&nbsp;Balancer options</a>]]></fielddescr>
- <fieldname>options</fieldname>
- <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
- <type>input</type>
- <size>11</size>
+ <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>&nbsp;&nbsp;Balancer options</a>]]></fielddescr>
+ <fieldname>options</fieldname>
+ <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
+ <type>input</type>
+ <size>11</size>
</rowhelperfield>
- </rowhelper>
+ <rowhelperfield>
+ <fielddescr>Location Custom Settings</fielddescr>
+ <fieldname>custom</fieldname>
+ <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description>
+ <type>textarea</type>
+ <cols>65</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </rowhelperfield>
+ </rowhelper>
</field>
<field>
<name>Logging</name>
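Review bot: The new `custom` row field takes free-form Apache directives for each Location, and nothing in this hunk indicates they are checked before use, so the description should say the text is used as-is, e.g. `Inserted verbatim into this Location block; an invalid directive can stop Apache from reloading.` If the resync code (outside this hunk) does not already do so, running a configuration test such as `httpd -t` before the reload would keep a typo here from taking the proxy down. It is also worth confirming that the rowhelper save and load path honours `<encoding>base64</encoding>`, since multi-line text in a row field may otherwise not round-trip intact. The enclosing `<field>` for `locations` starts in the previous hunk.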
@@ -370,25 +371,19 @@
<field>
<fielddescr>Preserve Proxy hostname</fielddescr>
<fieldname>preserveproxyhostname</fieldname>
- <description>
- <![CDATA[
- When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.
- ]]>
- </description>
+ <description><![CDATA[When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.]]></description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Log file</fielddescr>
<fieldname>logfile</fieldname>
- <description>
- <![CDATA[Enable access and error log for this virtual host.]]>
- </description>
+ <description><![CDATA[Enable access and error log for this virtual host.]]></description>
<type>select</type>
- <options>
- <option><name>Log to default apache log file</name><value>default</value></option>
- <option><name>Create a log file for this site</name><value>create</value></option>
- <option><name>Do not not this website</name><value>disabled</value></option>
- </options>
+ <options>
+ <option><name>Log to default apache log file</name><value>default</value></option>
+ <option><name>Create a log file for this site</name><value>create</value></option>
+ <option><name>Do not log this website</name><value>disabled</value></option>
+ </options>
</field>
<field>
<name>Custom Options</name>
@@ -397,7 +392,7 @@
<field>
<fielddescr>Custom Options</fielddescr>
<fieldname>custom</fieldname>
- <description>Paste extra apache config for this virtualhost. This is usefull for rewrite rules for example.</description>
+ <description>Pass extra Apache config for this VirtualHost. This is useful for Rewrite rules for example.</description>
<type>textarea</type>
<cols>90</cols>
<rows>10</rows>
@@ -415,4 +410,4 @@
apache_mod_security_resync();
</custom_php_resync_config_command>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+</packagegui>