diff options
| author | Stephane Lapie <stephane.lapie@asahinet.com> | 2013-11-13 12:29:45 +0900 |
|---|---|---|
| committer | Stephane Lapie <stephane.lapie@asahinet.com> | 2013-11-13 12:37:28 +0900 |
| commit | b0e3cc67b5ac508aade428fbbddf1b90df05b696 (patch) | |
| tree | a33e04790b7498e27ae342449dc9fd8c339c4fc4 /config/apache_mod_security-dev | |
| parent | dc36992067d3aa78702c493b47baa2c58f98f7fd (diff) | |
| download | pfsense-packages-b0e3cc67b5ac508aade428fbbddf1b90df05b696.tar.gz pfsense-packages-b0e3cc67b5ac508aade428fbbddf1b90df05b696.tar.bz2 pfsense-packages-b0e3cc67b5ac508aade428fbbddf1b90df05b696.zip | |
Add XMLRPC sync, vhost location custom settings
- Typo: Lots of typo fixes and re-indenting
- XMLRPC: Added actual code for XMLRPC (not 100% functional, remote reload fails)
- VirtualHost: Added custom settings for Locations (for SSLRequire & such)
- Settings: Use interfaces instead of manual input IP address
Diffstat (limited to 'config/apache_mod_security-dev')
13 files changed, 573 insertions, 192 deletions
diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache.template index 12a36b69..ab981a9e 100644 --- a/config/apache_mod_security-dev/apache.template +++ b/config/apache_mod_security-dev/apache.template @@ -6,7 +6,7 @@ } if($mods_settings['enablemodsecurity']=="on") $mod_security_module= "LoadModule security2_module libexec/apache22/mod_security2.so\n"; - + $apache_dir=APACHEDIR; $apache_config = <<<EOF ################################################################################## @@ -513,4 +513,4 @@ Include etc/apache22/Includes/*.conf EOF; -?>
\ No newline at end of file +?> diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index 16779158..7cb9774b 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -75,7 +75,7 @@ <active/> </tab> <tab> - <text>Virutal Hosts</text> + <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> </tab> @@ -102,7 +102,7 @@ <columnitem> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> - </columnitem> + </columnitem> <movable>on</movable> </adddeleteeditpagefields> <fields> @@ -136,65 +136,64 @@ <fieldname>proto</fieldname> <description><![CDATA[Protocol listening on this internal server(s) port.]]></description> <type>select</type> - <options> - <option> <name>HTTP</name> <value>http</value> </option> - <option> <name>HTTPS</name> <value>https</value> </option> - </options> - </field> <field> + <options> + <option> <name>HTTP</name> <value>http</value> </option> + <option> <name>HTTPS</name> <value>https</value> </option> + </options> + </field> + <field> <name><![CDATA[Internal Server(s)]]></name> <type>listtopic</type> </field> -<field> - <fielddescr> - <![CDATA[Internal Servers]]> - </fielddescr> + <field> + <fielddescr><![CDATA[Internal Servers]]></fielddescr> <fieldname>additionalparameters</fieldname> - <type>rowhelper</type> + <type>rowhelper</type> <dontdisplayname/> <usecolspan2/> <movable>on</movable> - <rowhelper> + <rowhelper> <rowhelperfield> - <fielddescr>fqdn or ip</fielddescr> - <fieldname>host</fieldname> - <description>Internal site IP or Hostnamesite</description> - <type>input</type> - <size>27</size> + <fielddescr>FQDN or IP Address</fielddescr> + <fieldname>host</fieldname> + <description>Internal site IP or Hostnamesite</description> + <type>input</type> + <size>27</size> </rowhelperfield> <rowhelperfield> - <fielddescr>port</fielddescr> - <fieldname>port</fieldname> - <description>Internal site port</description> - <type>input</type> - <size>5</size> + <fielddescr>port</fielddescr> + <fieldname>port</fieldname> + <description>Internal site port</description> + <type>input</type> + <size>5</size> </rowhelperfield> <rowhelperfield> - <fielddescr>routeid</fielddescr> - <fieldname>routeid</fieldname> - <description>id to define stick connections</description> - <type>input</type> - <size>6</size> + <fielddescr>routeid</fielddescr> + <fieldname>routeid</fieldname> + <description>ID to define sticky connections</description> + <type>input</type> + <size>6</size> </rowhelperfield> <rowhelperfield> - <fielddescr>weight</fielddescr> - <fieldname>loadfactor</fieldname> - <description>Server weight</description> - <type>input</type> - <size>6</size> + <fielddescr>weight</fielddescr> + <fieldname>loadfactor</fieldname> + <description>Server weight</description> + <type>input</type> + <size>4</size> </rowhelperfield> <rowhelperfield> - <fielddescr>ping</fielddescr> - <fieldname>ping</fieldname> - <description>Server ping test interval</description> - <type>input</type> - <size>6</size> + <fielddescr>ping</fielddescr> + <fieldname>ping</fieldname> + <description>Server ping test interval</description> + <type>input</type> + <size>6</size> </rowhelperfield> <rowhelperfield> - <fielddescr>ttl</fielddescr> - <fieldname>ttl</fieldname> - <description>Server pint ttl</description> - <type>input</type> - <size>6</size> + <fielddescr>ttl</fielddescr> + <fieldname>ttl</fieldname> + <description>Server ping TTL</description> + <type>input</type> + <size>6</size> </rowhelperfield> </rowhelper> </field> @@ -203,4 +202,4 @@ <custom_php_resync_config_command> apache_mod_security_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php new file mode 100644 index 00000000..5448f850 --- /dev/null +++ b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php @@ -0,0 +1,205 @@ +<?php +/* ========================================================================== */ +/* + apache_view_logs.php + part of pfSense (http://www.pfSense.com) + Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012 Carlos Cesario + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + +require_once("/etc/inc/util.inc"); +require_once("/etc/inc/functions.inc"); +require_once("/etc/inc/pkg-utils.inc"); +require_once("/etc/inc/globals.inc"); +require_once("guiconfig.inc"); +require_once("apache_mod_security.inc"); + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "Apache reverse proxy: Apache VirtualHost Location"; + +$virtualhost_id = $_GET['virtualhost_id']; +if (isset($_POST['virtualhost_id'])) + $virtualhost_id = $_POST['virtualhost_id']; + +$backend_id = $_GET['backend_id']; +if (isset($_POST['backend_id'])) + $backend_id = $_POST['backend_id']; + +if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id])) + $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]; +if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id])) + $backend = &$virtualhost['row'][$backend_id]; + +/* + * Not having a virtualhost->backend entry means we can't do this. + */ +if (! $backend) { + $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist."); +} + + +if ($_POST) { + unset($input_errors); + + /* + * Check for a valid expirationdate if one is set at all (valid means, + * DateTime puts out a time stamp so any DateTime compatible time + * format may be used. to keep it simple for the enduser, we only + * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs + * like "+1 day", which will be converted to MM/DD/YYYY based on "now". + * Otherwhise such an entry would lead to an invalid expiration data. + */ + if ($_POST['expires']) { + try { + $expdate = new DateTime($_POST['expires']); + //convert from any DateTime compatible date to MM/DD/YYYY + $_POST['expires'] = $expdate->format("m/d/Y"); + } catch ( Exception $ex ) { + $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); + } + } + + /* if this is an AJAX caller then handle via JSON */ + if (isAjax() && is_array($input_errors)) { + input_errors2Ajax($input_errors); + exit; + } + + if (!$input_errors) { + if ($_POST['custom']) + $backend['custom'] = base64_encode($_POST['custom']); + else + unset($backend['custom']); + + write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'"); + apache_mod_security_resync(); + pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}"); + } +} + +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> + +<?php if($one_two): ?> + + <p class="pgtitle"><?=$pgtitle?></font></p> + +<?php endif; ?> + +<?php + if ($input_errors) + print_input_errors($input_errors); + if ($savemsg) + print_info_box($savemsg); +?> + +<div id="mainlevel"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Apache"), true, "/pkg_edit.php?xml=apache_settings.xml&id=0"); + $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr><td> + <?php + unset ($tab_array); + $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml"); + $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml"); + $tab_array[] = array(gettext("Virtual Hosts"), true, "/pkg.php?xml=apache_virtualhost.xml"); + $tab_array[] = array(gettext("Logs"), false, "/apache_view_logs.php"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr><td> + <div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; "> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"><tbody> + <form action="apache_edit_virtualhost_location.php" id="paramsForm" name="paramsForm" method="post"> + <tr> + <td width="22%" valign="top" class="vncellreq">Primary Site Hostname</td> + <td width="78%" class="vtable"> + <span class="vexpl"> + <?=base64_decode($virtualhost['primarysitehostname']);?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Current Site Path</td> + <td width="78%" class="vtable"> + <span class="vexpl"> + <?=$backend['sitepath'];?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Location Custom Settings");?></td> + <td width="78%" class="vtable"> + <textarea name='custom' rows='10' cols='65' id='custom'><?=base64_decode($backend['custom']);?></textarea> + <br/> + <span class="vexpl"> + <?=gettext("Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> +<?php if (isset($virtualhost_id)): ?> + <input name="virtualhost_id" type="hidden" value="<?=$virtualhost_id;?>" /> +<?php endif;?> +<?php if (isset($backend_id)): ?> + <input name="backend_id" type="hidden" value="<?=$backend_id;?>" /> +<?php endif;?> + <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + <input id="cancel" name="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> + </td> + </tr> + </form> + </tbody></table> + </div> + </td></tr> + </table> +</div> + + +<?php +include("fend.inc"); +?> + +</body> +</html> diff --git a/config/apache_mod_security-dev/apache_logs_data.php b/config/apache_mod_security-dev/apache_logs_data.php index 256ff144..fdcc04b0 100644 --- a/config/apache_mod_security-dev/apache_logs_data.php +++ b/config/apache_mod_security-dev/apache_logs_data.php @@ -92,7 +92,7 @@ if ($_GET) { // Apply filter and color if ($filter != "") $line = preg_replace("@($filter)@i","<spam><font color='red'>$1</font></span>",$line); - $agent_info="onmouseover=\"jQuery('#bowserinfo').empty().html('{$line[13]}');\"\n"; + $agent_info="onmouseover=\"jQuery('#browserinfo').empty().html('{$line[13]}');\"\n"; echo "<tr valign=\"top\" $agent_info>\n"; echo "<td class=\"listlr\" align=\"center\" nowrap>{$line[5]}({$line[6]})</td>\n"; echo "<td class=\"listr\" align=\"center\">{$line[1]}</td>\n"; diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index f21dcbdc..c9ab05e8 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -4,6 +4,7 @@ part of apache_mod_security package (http://www.pfSense.com) Copyright (C) 2009, 2010 Scott Ullrich Copyright (C) 2012-2013 Marcello Coutinho + Copyright (C) 2013 Stephane Lapie <stephane.lapie@asahinet.com> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -27,6 +28,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + $shortcut_section = "apache"; // Check to find out on which system the package is running $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); @@ -123,6 +125,7 @@ function apache_mod_security_resync() { global $config, $g; apache_mod_security_install(); $dirs=array("base", "experimental","optional", "slr"); + log_error("apache_mod_security_package: configuration resync is starting."); if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")){ exec ("/usr/local/bin/git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git ".APACHEDIR."/".MODSECURITY_DIR); //chdir (APACHEDIR."/".MODSECURITY_DIR); @@ -136,14 +139,165 @@ function apache_mod_security_resync() { while (false !== ($entry = readdir($handle))) { if (preg_match("/(\S+).conf$/",$entry,$matches)) $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]); - } - closedir($handle); - } } + closedir($handle); + } + } if ($write_config > 0) write_config(); apache_mod_security_checkconfig(); apache_mod_security_restart(); + log_error("apache_mod_security_package: configuration resync is ending."); + + if (is_array($config['installedpackages']['apachesync']['config'])){ + $apache_sync = $config['installedpackages']['apachesync']['config'][0]; + $synconchanges = $apache_sync['synconchanges']; + $synctimeout = $apache_sync['synctimeout']; + switch ($synconchanges){ + case "manual": + if (is_array($apache_sync[row])){ + $rs = $apache_sync[row]; + } else { + log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no hosts to push on apache config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ // pfSense 2.0.x + $system_carp = $config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + } else if (is_array($config['hasync'])) { // pfSense 2.1 + $system_carp = $config['hasync']; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + } else { + log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no system backup hosts to push apache config."); + return; + } + break; + default: + return; + break; + } + } + if (is_array($rs)){ + foreach($rs as $sh){ + $sync_to_ip = $sh['ipaddress']; + $password = $sh['password']; + if ($sh['username']) + $username = $sh['username']; + else + $username = 'admin'; + if ($password && $sync_to_ip) + apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout); + } + } +} + +// Do the actual XMLRPC Sync +function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { + global $config, $g; + + if(!$username) + return; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + + if(!$synctimeout) + $synctimeout=250; + + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['apachesettings'] = $config['installedpackages']['apachesettings']; + $xml['apachemodsecurity'] = $config['installedpackages']['apachemodsecurity']; + $xml['apachemodsecuritysettings'] = $config['installedpackages']['apachemodsecuritysettings']; + $xml['apachebalancer'] = $config['installedpackages']['apachebalancer']; + $xml['apachevirtualhost'] = $config['installedpackages']['apachevirtualhost']; + $xml['apachelisten'] = $config['installedpackages']['apachelisten']; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("apache_mod_security_package: Beginning apache_mod_security XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after defined sync timeout value*/ + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } else { + log_error("apache_mod_security_package: XMLRPC sync successfully completed with {$url}:{$port}."); + } + + /* tell apache_mod_security to reload our settings on the destination sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/apache_mod_security.inc');\n"; + $execcmd .= "apache_mod_security_resync();"; + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("apache_mod_security_package: XMLRPC reload data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } else { + log_error("apache_mod_security XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + } + + } function apache_mod_security_checkconfig() { @@ -197,7 +351,9 @@ function generate_apache_configuration() { file_notice("apache_mod_security", $error, "apache_mod_security", ""); } // Set global listening directive and ensure nothing is listening on this port already - $globalbind_ip = ($settings['globalbindtoipaddr'] ? $settings['globalbindtoipaddr'] : "*"); + $iface_address = apache_get_real_interface_address($settings['globalbindtoipaddr']); + $ip=$iface_address[0]; + $globalbind_ip = ($ip ? $ip : "*"); $globalbind_port = $settings['globalbindtoport']; if ($globalbind_port == ""){ $globalbind_port ="80"; @@ -311,6 +467,7 @@ function generate_apache_configuration() { //write balancer conf file_put_contents(APACHEDIR."/etc/apache22/Includes/balancers.conf",$balancer_config,LOCK_EX); } + // configure modsecurity group options //chroot apache http://forums.freebsd.org/showthread.php?t=6858 if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ @@ -327,31 +484,32 @@ function generate_apache_configuration() { } } file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX); - + foreach (split(",",$mods_groups['baserules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['optionalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['slrrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; - } - $i++; } + $i++; + } if ($write_config > 0) write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}"); } //print "<PRE>"; //var_dump($mods_group); - + //mod_security settings if (is_array($config['installedpackages']['apachemodsecuritysettings'])){ $mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0]; } + //configure virtual hosts $namevirtualhosts=array(); $namevirtualhosts[0]=$global_listen; @@ -376,7 +534,7 @@ EOF; $port=($virtualhost['port'] ? $virtualhost['port'] : $default_port[$virtualhost['proto']]); if (!in_array("{$ip}:{$port}",$namevirtualhosts)) $namevirtualhosts[]="{$ip}:{$port}"; - + $vh_config.="# {$virtualhost['description']}\n"; $vh_config.="<VirtualHost {$ip}:{$port}>\n"; $vh_config.=" ServerName ". preg_replace ("/\r\n(\S+)/","\n ServerAlias $1",base64_decode($virtualhost['primarysitehostname'])) ."\n"; @@ -441,6 +599,7 @@ EOF; } } } + $vh_config.= apache_textarea_decode($backend['custom'])."\n\n"; $vh_config.=" </Location>\n\n"; } $vh_config.="</VirtualHost>\n"; @@ -469,7 +628,6 @@ EOF; } } - if ($mods_settings!="") $SecGuardianLog="SecGuardianLog \"|".RULES_DIRECTORY."/util/httpd-guardian\""; @@ -525,7 +683,7 @@ EOF; // Read already configured addresses if (is_array($settings['row'])){ foreach($settings['row'] as $row) { - if ($row['ipaddress'] && $row['ipport']) + if ($row['interface'] && $row['ipport']) $configuredaliases[] = $row; } } @@ -544,8 +702,8 @@ EOF; // Automatically add this to configuration $aplisten=split(":",$namevirtualhost); $config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]); - } } + } // Process Status Page $mod_status = ""; if ($settings['statuspage'] == "on") { @@ -554,12 +712,12 @@ EOF; SetHandler server-status Order Deny,Allow Deny from all - + EOF; $mod_status .= "Allow from ".($settings['netaccessstatus'] ? $settings['netaccessstatus'] : "All")."\n"; $mod_status .= "</Location>\n"; } - + // update configuration with actual ip bindings write_config($pkg['addedit_string']); diff --git a/config/apache_mod_security-dev/apache_mod_security.template b/config/apache_mod_security-dev/apache_mod_security.template index f6ad6e3e..d004a9ae 100644 --- a/config/apache_mod_security-dev/apache_mod_security.template +++ b/config/apache_mod_security-dev/apache_mod_security.template @@ -1,6 +1,6 @@ <?php // Mod_security enabled? -if($mods_settings['enablemodsecurity']=="on") { +if($mods_settings['enablemodsecurity']=="on") { $enable_mod_security = true; $mod_security = <<< EOF # -- Rule engine initialization ---------------------------------------------- @@ -209,4 +209,4 @@ SecArgumentSeparator & SecCookieFormat 0 EOF; -}
\ No newline at end of file +} diff --git a/config/apache_mod_security-dev/apache_mod_security_groups.xml b/config/apache_mod_security-dev/apache_mod_security_groups.xml index 315d2de0..c4651f45 100644 --- a/config/apache_mod_security-dev/apache_mod_security_groups.xml +++ b/config/apache_mod_security-dev/apache_mod_security_groups.xml @@ -73,7 +73,7 @@ <tab_level>2</tab_level> </tab> </tabs> - <adddeleteeditpagefields> + <adddeleteeditpagefields> <movable>on</movable> <columnitem> <fielddescr>Name</fielddescr> @@ -87,7 +87,7 @@ <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> - + </adddeleteeditpagefields> <fields> <field> @@ -109,7 +109,7 @@ <type>input</type> <size>45</size> </field> - + <field> <fielddescr>Base Rules</fielddescr> <fieldname>baserules</fieldname> @@ -202,8 +202,8 @@ <description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description> <type>textarea</type> <encoding>base64</encoding> - <rows>15</rows> - <cols>90</cols> + <rows>15</rows> + <cols>90</cols> </field> <field> <name>Custom mod_security ErrorDocument</name> @@ -217,8 +217,8 @@ <description>Custom mod_security ErrorDocument.</description> <type>textarea</type> <encoding>base64</encoding> - <rows>10</rows> - <cols>90</cols> + <rows>10</rows> + <cols>90</cols> </field> <field> <name>Custom mod_security rules</name> @@ -232,12 +232,12 @@ <description>Paste any custom mod_security rules that you would like to use</description> <type>textarea</type> <encoding>base64</encoding> - <rows>10</rows> - <cols>90</cols> + <rows>10</rows> + <cols>90</cols> </field> </fields> <custom_php_resync_config_command> apache_mod_security_resync(); </custom_php_resync_config_command> <include_file>/usr/local/pkg/apache_mod_security.inc</include_file> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml index ab681c66..7477e540 100644 --- a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml +++ b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml @@ -142,4 +142,4 @@ apache_mod_security_resync(); </custom_php_resync_config_command> <include_file>/usr/local/pkg/apache_mod_security.inc</include_file> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml index 0d8d8c8f..3e1c0a9c 100755 --- a/config/apache_mod_security-dev/apache_mod_security_sync.xml +++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml @@ -68,8 +68,30 @@ <field> <fielddescr>Automatically sync apache configuration changes</fielddescr> <fieldname>synconchanges</fieldname> - <description>Automatically sync apache changes to the hosts defined below.</description> - <type>checkbox</type> + <description>Select a sync method for Apache + ModSecurity.</description> + <type>select</type> + <required/> + <default_value>auto</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> + </field> + <field> + <fielddescr>Sync timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description>Select sync max wait time</description> + <type>select</type> + <required/> + <default_value>250</default_value> + <options> + <option><name>250 seconds(Default)</name><value>250</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>30 seconds</name><value>30</value></option> + </options> </field> <field> <fielddescr>Remote Server</fielddescr> diff --git a/config/apache_mod_security-dev/apache_mod_security_view_logs.php b/config/apache_mod_security-dev/apache_mod_security_view_logs.php index 1956a217..669c71f4 100755 --- a/config/apache_mod_security-dev/apache_mod_security_view_logs.php +++ b/config/apache_mod_security-dev/apache_mod_security_view_logs.php @@ -68,7 +68,7 @@ include("head.inc"); <?php $tab_array = array(); $tab_array[] = array(gettext("Apache"), false, "/pkg_edit.php?xml=apache_settings.xml&id=0"); - $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_setttings.xml"); + $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml"); $tab_array[] = array(gettext("Backends"), false, "/pkg.php?xml=apache_mod_security_backends.xml",2); $tab_array[] = array(gettext("VirtualHosts"), false, "/pkg.php?xml=apache_mod_security.xml",2); diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml index 2f089616..6b320452 100644 --- a/config/apache_mod_security-dev/apache_settings.xml +++ b/config/apache_mod_security-dev/apache_settings.xml @@ -68,7 +68,7 @@ <tab_level>2</tab_level> </tab> <tab> - <text>Virutal Hosts</text> + <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> </tab> @@ -93,7 +93,7 @@ <fielddescr>Server hostname</fielddescr> <fieldname>hostname</fieldname> <description> - <![CDATA[Enter the servers hostname<br> + <![CDATA[Enter the servers hostname<br/ NOTE: Leave blank to use this devices hostname.]]> </description> <type>input</type> @@ -102,17 +102,19 @@ <fielddescr>Default Bind to IP Address</fielddescr> <fieldname>globalbindtoipaddr</fieldname> <description> - <![CDATA[This is the IP address the Proxy Server will listen on.<br/> - NOTE: Leave blank to bind to *]]> + <![CDATA[This is the IP address the Proxy Server will listen on.]]> </description> - <type>input</type> + <type>interfaces_selection</type> + <showlistenall/> + <showvirtualips/> + <showips/> </field> <field> <fielddescr>Default Bind to port</fielddescr> <fieldname>globalbindtoport</fieldname> <description> <![CDATA[This is the port the Proxy Server will listen on.<br> - NOTE: Leave blank to bind to 80]]> + NOTE: Leave blank to bind to 80]]> </description> <type>input</type> <size>5</size> @@ -281,9 +283,9 @@ <fielddescr>Status Page</fielddescr> <fieldname>statuspage</fieldname> <description> - <![CDATA[Enable a status page for Apache and Mod_proxy. Access http://DefaultBindIP:DefaultBindPort/status-server]]> + <![CDATA[Enable a status page for Apache and Mod_proxy. Access http://DefaultBindIP:DefaultBindPort/status-server]]> </description> - <type>select</type> + <type>select</type> <options> <option><name>Disabled (Default)</name><value>off</value></option> <option><name>Enabled</name><value>on</value></option> @@ -293,7 +295,7 @@ <fielddescr>Network Access Status Page</fielddescr> <fieldname>netaccessstatus</fieldname> <description> - <![CDATA[Networks that can access apache status page. Ex: 172.16.1.0/24<br/> + <![CDATA[Networks that can access apache status page. Ex: 172.16.1.0/24<br/ NOTE: Leave blank to allow access from any ip.(Not recommended for security reasons)]]> </description> <type>input</type> diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php index 77c14176..494f37cd 100644 --- a/config/apache_mod_security-dev/apache_view_logs.php +++ b/config/apache_mod_security-dev/apache_view_logs.php @@ -42,7 +42,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; -$pgtitle = "Status: Apache Vhosts Logs"; +$pgtitle = "Status: Apache VirtualHost Logs"; include("head.inc"); ?> @@ -171,8 +171,8 @@ function showLog(content,url,logtype) </tbody> </table> </form> - <div id="bowserinfo" style='padding: 5px; border: 1px dashed #990000; font-weight:bold; font-size: 0.9em; text-align: center; margin: 1px; display:block; height: 12px;'> - <span><span> + <div id="browserinfo" style='padding: 5px; border: 1px dashed #990000; font-weight:bold; font-size: 0.9em; text-align: center; margin: 1px; display:block; height: 12px;'> + <span></span> </div> <!-- Squid Table --> <table width="100%" border="0" cellpadding="0" cellspacing="0"> diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index b3653bdf..53478721 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -4,40 +4,41 @@ <packagegui> <copyright> <![CDATA[ - /* $Id$ */ - /* ========================================================================== */ - /* - apache_virtualhost.xml - part of apache_mod_security package (http://www.pfSense.com) - Copyright (C)2009, 2010 Scott Ullrich - Copyright (C)2012 Marcello Coutinho - All rights reserved. - */ - /* ========================================================================== */ - /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: +/* $Id$ */ +/* ========================================================================== */ +/* + apache_virtualhost.xml + part of apache_mod_security package (http://www.pfSense.com) + Copyright (C)2009, 2010 Scott Ullrich + Copyright (C)2012 Marcello Coutinho + Copyright (C)2013 Stephane Lapie <stephane.lapie@asahinet.com> + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - /* ========================================================================== */ - ]]> + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]> </copyright> <name>apachevirtualhost</name> <version>1.0</version> @@ -143,7 +144,7 @@ <tab_level>2</tab_level> </tab> <tab> - <text>Virutal Hosts</text> + <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> <active/> @@ -201,17 +202,14 @@ <description>Select protocols that this virtual host will accept connections</description> <type>select</type> <options> - <option><name>HTTP</name><value>http</value></option> - <option><name>HTTPS</name><value>https</value></option> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> </options> </field> <field> <fielddescr>Server Name(s)</fielddescr> <fieldname>primarysitehostname</fieldname> - <description> - <![CDATA[Enter hostnames one per line in FQDN format for this website (e.g. www.example.com)<br/> - Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]> - </description> + <description><![CDATA[Enter hostnames one per line in FQDN format for this website (e.g. www.example.com)<br/>Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]></description> <cols>40</cols> <rows>2</rows> <type>textarea</type> @@ -238,27 +236,21 @@ <fielddescr>Site Webmaster E-Mail address</fielddescr> <fieldname>siteemail</fieldname> <size>50</size> - <description> - <![CDATA[ - Enter the Webmaster E-Mail address for this site. - ]]> - </description> + <description><![CDATA[Enter the Webmaster E-Mail address for this site.]]></description> <type>input</type> </field> <field> <fielddescr>Site description</fielddescr> <fieldname>description</fieldname> <size>50</size> - <description> - <![CDATA[Enter a site description]]> - </description> + <description><![CDATA[Enter a site description]]></description> <type>input</type> </field> <field> <fielddescr>HTTPS SSL certificate</fielddescr> <fieldname>ssl_cert</fieldname> <description>Choose the SSL Server Certificate here.</description> - <type>select_source</type> + <type>select_source</type> <source><![CDATA[$config['cert']]]></source> <source_name>descr</source_name> <source_value>refid</source_value> @@ -283,62 +275,62 @@ <![CDATA[Location(s)]]> </fielddescr> <fieldname>locations</fieldname> - <type>rowhelper</type> - <dontdisplayname/> + <type>rowhelper</type> + <dontdisplayname/> <usecolspan2/> <movable>on</movable> - <rowhelper> + <rowhelper> <rowhelperfield> - <fielddescr><![CDATA[gzip?]]></fielddescr> - <fieldname>compress</fieldname> - <description>Compress data to save bandwidth?</description> + <fielddescr><![CDATA[gzip?]]></fielddescr> + <fieldname>compress</fieldname> + <description>Compress data to save bandwidth?</description> <type>select</type> <options> - <option><name>yes</name><value>yes</value></option> - <option><name>no</name><value>no</value></option> + <option><name>yes</name><value>yes</value></option> + <option><name>no</name><value>no</value></option> </options> </rowhelperfield> <rowhelperfield> - <fielddescr><![CDATA[site path]]></fielddescr> - <fieldname>sitepath</fieldname> - <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description> - <type>input</type> - <size>12</size> + <fielddescr><![CDATA[Site Path]]></fielddescr> + <fieldname>sitepath</fieldname> + <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description> + <type>input</type> + <size>12</size> </rowhelperfield> <rowhelperfield> <fielddescr><![CDATA[Balancer]]></fielddescr> - <fieldname>balancer</fieldname> - <description>Server balancer / pool</description> + <fieldname>balancer</fieldname> + <description>Server balancer / pool</description> <source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <show_disable_value>none</show_disable_value> <type>select_source</type> - <size>5</size> + <size>5</size> </rowhelperfield> <rowhelperfield> - <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LbMethod</a>]]></fielddescr> - <fieldname>lbmethod</fieldname> - <description>Server balance method</description> - <type>select</type> - <options> - <option><name>byrequests</name><value>byrequests</value></option> - <option><name>bytraffic</name><value>bytraffic</value></option> - <option><name>bybusyness</name><value>bybusyness</value></option> + <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr> + <fieldname>lbmethod</fieldname> + <description>Server balance method</description> + <type>select</type> + <options> + <option><name>byrequests</name><value>byrequests</value></option> + <option><name>bytraffic</name><value>bytraffic</value></option> + <option><name>bybusyness</name><value>bybusyness</value></option> </options> </rowhelperfield> <rowhelperfield> - <fielddescr>Backend path</fielddescr> - <fieldname>backendpath</fieldname> - <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description> - <type>input</type> - <size>12</size> + <fielddescr>Backend Path</fielddescr> + <fieldname>backendpath</fieldname> + <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description> + <type>input</type> + <size>12</size> </rowhelperfield> <rowhelperfield> <fielddescr><![CDATA[ModSecurity]]></fielddescr> <fieldname>modsecgroup</fieldname> - <description>Choose Modsecurity group to use on this virtual host.</description> - <type>select_source</type> + <description>Choose ModSecurity group to use on this virtual host.</description> + <type>select_source</type> <source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> @@ -348,20 +340,29 @@ <fielddescr><![CDATA[Manipulations]]></fielddescr> <fieldname>modsecmanipulation</fieldname> <description>Choose Modsecurity group to use on this virtual host.</description> - <type>select_source</type> + <type>select_source</type> <source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <show_disable_value>none</show_disable_value> </rowhelperfield> <rowhelperfield> - <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'> Balancer options</a>]]></fielddescr> - <fieldname>options</fieldname> - <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description> - <type>input</type> - <size>11</size> + <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'> Balancer options</a>]]></fielddescr> + <fieldname>options</fieldname> + <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description> + <type>input</type> + <size>11</size> </rowhelperfield> - </rowhelper> + <rowhelperfield> + <fielddescr>Location Custom Settings</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description> + <type>textarea</type> + <cols>65</cols> + <rows>10</rows> + <encoding>base64</encoding> + </rowhelperfield> + </rowhelper> </field> <field> <name>Logging</name> @@ -370,25 +371,19 @@ <field> <fielddescr>Preserve Proxy hostname</fielddescr> <fieldname>preserveproxyhostname</fieldname> - <description> - <![CDATA[ - When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address. - ]]> - </description> + <description><![CDATA[When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.]]></description> <type>checkbox</type> </field> <field> <fielddescr>Log file</fielddescr> <fieldname>logfile</fieldname> - <description> - <![CDATA[Enable access and error log for this virtual host.]]> - </description> + <description><![CDATA[Enable access and error log for this virtual host.]]></description> <type>select</type> - <options> - <option><name>Log to default apache log file</name><value>default</value></option> - <option><name>Create a log file for this site</name><value>create</value></option> - <option><name>Do not not this website</name><value>disabled</value></option> - </options> + <options> + <option><name>Log to default apache log file</name><value>default</value></option> + <option><name>Create a log file for this site</name><value>create</value></option> + <option><name>Do not log this website</name><value>disabled</value></option> + </options> </field> <field> <name>Custom Options</name> @@ -397,7 +392,7 @@ <field> <fielddescr>Custom Options</fielddescr> <fieldname>custom</fieldname> - <description>Paste extra apache config for this virtualhost. This is usefull for rewrite rules for example.</description> + <description>Pass extra Apache config for this VirtualHost. This is useful for Rewrite rules for example.</description> <type>textarea</type> <cols>90</cols> <rows>10</rows> @@ -415,4 +410,4 @@ apache_mod_security_resync(); </custom_php_resync_config_command> <include_file>/usr/local/pkg/apache_mod_security.inc</include_file> -</packagegui>
\ No newline at end of file +</packagegui> |