authorScott Ullrich <sullrich@pfsense.org>2011-03-12 17:06:56 -0500
committerScott Ullrich <sullrich@pfsense.org>2011-03-12 17:06:56 -0500
commit962c3f572905f3266b77b414eeb86880899ea03a (patch)
treec2ee1d7df18ba9d33f8185114676197d9660b9f9 /config/apache_mod_security
parent6ef4b499789533aafb87b94b090dd9812a74ab3d (diff)
Adding patch from Matthew J Dovey for site proxy, certificatefiles and HTTPS cert options
Diffstat (limited to 'config/apache_mod_security')
-rw-r--r--config/apache_mod_security/apache_mod_security.inc22
-rw-r--r--config/apache_mod_security/apache_mod_security.xml36
2 files changed, 58 insertions, 0 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index f89c7ed1..1349ab8c 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -279,6 +279,10 @@ EOF;
$local_ip_port = $global_listen;
// Do not add entries twice.
if(!in_array($local_ip_port, $processed)) {
+ // explicit bind if not global ip:port
+ if ($local_ip_port != $global_listen) {
+ $mod_proxy .= "Listen $local_ip_port\n";
+ }
$mod_proxy .= "NameVirtualHost $local_ip_port\n";
$processed[] = $local_ip_port;
}
@@ -337,8 +341,26 @@ EOF;
$backend_sites = " balancer://{$sitename}\n";
$sitename = ""; // we are not using sitename in this case
}
+ // Set SSL items
+ if($ams['siteurl'])
+ $siteurl = $ams['siteurl'];
+ if($ams['certificatefile'])
+ $certificatefile = $ams['certificatefile'];
+ if($ams['certificatekeyfile'])
+ $certificatekeyfile = $ams['certificatekeyfile'];
+ if($ams['certificatechainfile'])
+ $certificatechainfile = $ams['certificatechainfile'];
// Begin VirtualHost
$mod_proxy .= "\n<VirtualHost {$local_ip_port}>\n";
+ if($siteurl == "HTTPS" && $certificatefile && $certificatekeyfile) {
+ $mod_proxy .= " SSLEngine on\n";
+ if ($certificatefile)
+ $mod_proxy .= " SSLCertificateFile /usr/local/etc/apache22/$certificatefile\n";
+ if ($certificatekeyfile)
+ $mod_proxy .= " SSLCertificateKeyFile /usr/local/etc/apache22/$certificatekeyfile\n";
+ if ($certificatechainfile)
+ $mod_proxy .= " SSLCertificateChainFile /usr/local/etc/apache22/$certificatechainfile\n";
+ }
if($additionalsitehostnames)
$mod_proxy .= " ServerAlias $additionalsitehostnames\n";
if($serveradmin)
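Review bot: The certificate file names taken from `$ams[...]` are written into the generated Apache configuration unchanged in the `SSLCertificateFile`, `SSLCertificateKeyFile` and `SSLCertificateChainFile` lines, so a value containing `../` or a line break would point the directive outside /usr/local/etc/apache22/ or add extra configuration lines. Restricting each name before use, for example `if (!preg_match('/\A[A-Za-z0-9._-]+\z/', $certificatefile)) $certificatefile = "";`, keeps the value to a single plain file name. The four variables are also assigned only when the setting is non-empty; if this code runs once per site (the enclosing loop is outside the hunk), a site without these settings would keep the previous site's values, so an unconditional assignment such as `$certificatefile = $ams['certificatefile'];` looks safer. The inner `if ($certificatefile)` and `if ($certificatekeyfile)` tests repeat what the outer condition already requires and can be dropped.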
diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml
index ef56609b..f2cba156 100644
--- a/config/apache_mod_security/apache_mod_security.xml
+++ b/config/apache_mod_security/apache_mod_security.xml
@@ -134,6 +134,42 @@
<type>input</type>
</field>
<field>
+ <fielddescr>Certificate File</fielddescr>
+ <fieldname>certificatefile</fieldname>
+ <description>
+ <![CDATA[
+ Name of certificate file under /usr/local/apache22/etc/<br/>
+ (required if Protocol is https)
+ ]]>
+ </description>
+ <size>40</size>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Certificate Key File</fielddescr>
+ <fieldname>certificatekeyfile</fieldname>
+ <description>
+ <![CDATA[
+ Name of certificate key file under /usr/local/apache22/etc/<br/>
+ (required if Protocol is https)
+ ]]>
+ </description>
+ <size>40</size>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Certificate Chain File</fielddescr>
+ <fieldname>certificatechainfile</fieldname>
+ <description>
+ <![CDATA[
+ Name of certificate chain file under /usr/local/apache22/etc/<br/>
+ (not required)
+ ]]>
+ </description>
+ <size>40</size>
+ <type>input</type>
+ </field>
+ <field>
<fielddescr>Preserve Proxy hostname</fielddescr>
<fieldname>preserveproxyhostname</fieldname>
<description>
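Review bot: The three new field descriptions give the directory as /usr/local/apache22/etc/, while the code added to apache_mod_security.inc in this commit writes paths under /usr/local/etc/apache22/, so an administrator following the help text would put the files where the generated configuration does not look. The text should read `Name of certificate file under /usr/local/etc/apache22/<br/>`, and likewise for the key and chain fields. The descriptions also say "Protocol is https" while the .inc code compares against `"HTTPS"`; the Protocol field is outside this hunk, so it is worth confirming that the stored value matches. The key field's description could additionally say that the private key file should be readable only by root.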