diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-23 16:40:01 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-23 16:40:12 -0500 |
| commit | dac6b5617dc0ebea6b68c4eda354649780cda217 (patch) | |
| tree | 3af83b585cd45452107a0bab712b8029b402146b /config/apache_mod_security | |
| parent | 5916e670ad3182efb162e98f186888422f2b7465 (diff) | |
| download | pfsense-packages-dac6b5617dc0ebea6b68c4eda354649780cda217.tar.gz pfsense-packages-dac6b5617dc0ebea6b68c4eda354649780cda217.tar.bz2 pfsense-packages-dac6b5617dc0ebea6b68c4eda354649780cda217.zip | |
Adding SecReadStateLimit. Requires 2.5.13 which should be out shortly.
Diffstat (limited to 'config/apache_mod_security')
| -rw-r--r-- | config/apache_mod_security/apache_mod_security.inc | 9 | ||||
| -rw-r--r-- | config/apache_mod_security/apache_mod_security_settings.xml | 11 |
2 files changed, 19 insertions, 1 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc index 4eb24c2c..38d53601 100644 --- a/config/apache_mod_security/apache_mod_security.inc +++ b/config/apache_mod_security/apache_mod_security.inc @@ -221,6 +221,12 @@ function generate_apache_configuration() { else $secauditengine = "RelevantOnly"; + // SecReadStateLimit + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['SecReadStateLimit']) + $secreadstatelimit = "SecReadStateLimit " . $config['installedpackages']['apachemodsecuritysettings']['config'][0]['SecReadStateLimit'] ."\n"; + else + $secreadstatelimit = ""; + $mod_proxy .= <<<EOF # Off when using ProxyPass @@ -409,6 +415,9 @@ EOF; # Only allow bytes from this range SecFilterForceByteRange 1 255 + # Help prevent the effects of a Slowloris-type of attack + $secreadstatelimit + # Cookie format checks. SecFilterCheckCookieFormat On diff --git a/config/apache_mod_security/apache_mod_security_settings.xml b/config/apache_mod_security/apache_mod_security_settings.xml index e313f3c8..4bbc4ea2 100644 --- a/config/apache_mod_security/apache_mod_security_settings.xml +++ b/config/apache_mod_security/apache_mod_security_settings.xml @@ -120,7 +120,6 @@ </description> <type>input</type> </field> - <field> <fielddescr>Use mod_disk_cache</fielddescr> <fieldname>mod_disk_cache</fieldname> @@ -142,6 +141,16 @@ <type>input</type> </field> <field> + <fielddescr>Limits number of POSTS accepted from same IP address</fielddescr> + <fieldname>SecReadStateLimit</fieldname> + <description> + <![CDATA[ + Help prevent the effects of a Slowloris-type of attack. More information about this attack can be found here: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html + ]]> + </description> + <type>input</type> + </field> + <field> <fielddescr>Configures the maximum request body size ModSecurity will store in memory.</fielddescr> <fieldname>secrequestbodyinmemorylimit</fieldname> <description>Configures the maximum request body size ModSecurity will store in memory.</description> |