aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-11-08 20:17:47 -0200
committerMarcello Coutinho <marcellocoutinho@gmail.com>2013-11-08 20:17:47 -0200
commit5a1440a0151d1a80445206e7350e34cf74269ace (patch)
tree6f2742cba7d15a2fdb4bccc53e941abb7984754a /config
parent6993c26b73b883ca3bb65c1655333517ebd9f636 (diff)
downloadpfsense-packages-5a1440a0151d1a80445206e7350e34cf74269ace.tar.gz
pfsense-packages-5a1440a0151d1a80445206e7350e34cf74269ace.tar.bz2
pfsense-packages-5a1440a0151d1a80445206e7350e34cf74269ace.zip
apache-modsecurity-dev - fix apache listening and virtualhosts check
add some new gui options to balancer and virtualhosts tab check if modsecurity rules are present before extracting
Diffstat (limited to 'config')
-rwxr-xr-xconfig/apache_mod_security-dev/apache_balancer.xml18
-rw-r--r--config/apache_mod_security-dev/apache_mod_security.inc68
-rw-r--r--config/apache_mod_security-dev/apache_virtualhost.xml22
-rwxr-xr-xconfig/apache_mod_security-dev/pkg_apache.inc11
4 files changed, 75 insertions, 44 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml
index b3acba57..3c8de686 100755
--- a/config/apache_mod_security-dev/apache_balancer.xml
+++ b/config/apache_mod_security-dev/apache_balancer.xml
@@ -139,6 +139,9 @@
<option> <name>HTTP</name> <value>http</value> </option>
<option> <name>HTTPS</name> <value>https</value> </option>
</options>
+ </field> <field>
+ <name><![CDATA[Internal Server(s)]]></name>
+ <type>listtopic</type>
</field>
<field>
<fielddescr>
@@ -146,48 +149,51 @@
</fielddescr>
<fieldname>additionalparameters</fieldname>
<type>rowhelper</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <movable>on</movable>
<rowhelper>
<rowhelperfield>
<fielddescr>fqdn or ip</fielddescr>
<fieldname>host</fieldname>
<description>Internal site IP or Hostnamesite</description>
<type>input</type>
- <size>20</size>
+ <size>27</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>port</fielddescr>
<fieldname>port</fieldname>
<description>Internal site port</description>
<type>input</type>
- <size>4</size>
+ <size>5</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>routeid</fielddescr>
<fieldname>routeid</fieldname>
<description>id to define stick connections</description>
<type>input</type>
- <size>4</size>
+ <size>6</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>weight</fielddescr>
<fieldname>loadfactor</fieldname>
<description>Server weight</description>
<type>input</type>
- <size>4</size>
+ <size>6</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>ping</fielddescr>
<fieldname>ping</fieldname>
<description>Server ping test interval</description>
<type>input</type>
- <size>4</size>
+ <size>6</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>ttl</fielddescr>
<fieldname>ttl</fieldname>
<description>Server pint ttl</description>
<type>input</type>
- <size>4</size>
+ <size>6</size>
</rowhelperfield>
</rowhelper>
</field>
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index fb83f9a6..8ca5b4e3 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -27,7 +27,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
+$shortcut_section = "apache";
// Check to find out on which system the package is running
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0)
@@ -127,20 +127,23 @@ function apache_mod_security_resync() {
global $config, $g;
apache_mod_security_install();
$dirs=array("base", "experimental","optional", "slr");
- if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE"))
- exec ("tar -xzf /usr/local/pkg/modsecurity-crs_2.2.5.tar.gz -C ".APACHEDIR);
- $write_config=0;
- foreach ($dirs as $dir){
- if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) {
- $write_config++;
- $config['installedpackages']["modsecurityfiles{$dir}"]['config']=array();
- while (false !== ($entry = readdir($handle))) {
- if (preg_match("/(\S+).conf/",$entry,$matches))
- $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]);
- }
- closedir($handle);
+ $ms_file="/usr/local/pkg/modsecurity-crs_2.2.5.tar.gz";
+ if (file_exists($ms_file)){
+ if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE"))
+ exec ("tar -xzf $ms_file -C ".APACHEDIR);
+ $write_config=0;
+ foreach ($dirs as $dir){
+ if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) {
+ $write_config++;
+ $config['installedpackages']["modsecurityfiles{$dir}"]['config']=array();
+ while (false !== ($entry = readdir($handle))) {
+ if (preg_match("/(\S+).conf/",$entry,$matches))
+ $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]);
+ }
+ closedir($handle);
+ }
+ }
}
- }
if ($write_config > 0)
write_config();
apache_mod_security_checkconfig();
@@ -230,7 +233,8 @@ function generate_apache_configuration() {
//performance settings
//reference http://httpd.apache.org/docs/2.2/mod/mpm_common.html
- $performance_settings="KeepAlive {$settings['keepalive']}\n";
+ $keepalive=($settings['keepalive']?$settings['keepalive']:"on");
+ $performance_settings="KeepAlive {$keepalive}\n";
if ($settings['maxkeepalivereq'])
$performance_settings .= "MaxKeepAliveRequests {$settings['maxkeepalivereq']}\n";
if ($settings['keepalivetimeout'])
@@ -313,6 +317,8 @@ function generate_apache_configuration() {
}
//configure virtual hosts
+ $namevirtualhosts=array();
+ $namevirtualhosts[0]=$global_listen;
if (is_array($config['installedpackages']['apachevirtualhost'])){
$vh_config= <<<EOF
##################################################################################
@@ -332,6 +338,9 @@ EOF;
$iface_address = apache_get_real_interface_address($virtualhost['interface']);
$ip=$iface_address[0];
$port=($virtualhost['port'] ? $virtualhost['port'] : $default_port[$virtualhost['proto']]);
+ if (!in_array("{$ip}:{$port}",$namevirtualhosts))
+ $namevirtualhosts[]="{$ip}:{$port}";
+
$vh_config.="# {$virtualhost['description']}\n";
$vh_config.="<VirtualHost {$ip}:{$port}>\n";
$vh_config.=" ServerName ". preg_replace ("/\r\n(\S+)/","\n ServerAlias $1",base64_decode($virtualhost['primarysitehostname'])) ."\n";
@@ -487,31 +496,22 @@ EOF;
// clear list of bound addresses before updating
$config['installedpackages']['apachesettings']['config'][0]['row'] = array();
-
// Process proxy sites
// Configure NameVirtualHost directives
$aliases = "";
- $processed = array();
- if(is_array($config['installedpackages']['apachemodsecurity'])) {
- foreach($config['installedpackages']['apachemodsecurity']['config'] as $ams) {
- if($ams['ipaddress'] && $ams['port'])
- $local_ip_port = "{$ams['ipaddress']}:{$ams['port']}";
- else
- $local_ip_port = $global_listen;
- // Do not add entries twice.
- if(!in_array($local_ip_port, $processed)) {
- // explicit bind if not global ip:port
- if ($local_ip_port != $global_listen) {
- $aliases .= "Listen $local_ip_port\n";
- // Automatically add this to configuration
- $config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $ams['ipaddress'], 'ipport' => $ams['port']);
- }
- $mod_proxy .= "NameVirtualHost $local_ip_port\n";
- $processed[] = $local_ip_port;
+ //add NameVirtualHost and listening entries to configured virtualhosts
+ foreach ($namevirtualhosts as $namevirtualhost){
+ // explicit bind if not global ip:port
+ if ($namevirtualhost != $global_listen) {
+ $mod_proxy .= "NameVirtualHost {$namevirtualhost}\n";
+ $aliases .= "Listen $namevirtualhost\n";
+ // Automatically add this to configuration
+ $aplisten=split(":",$namevirtualhost);
+ $config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]);
}
}
- }
+
//** Uncomment to allow adding ip/ports not used by any site proxies
//** Otherwise unused addresses/ports will be automatically deleted from the configuration
// foreach ($configuredaliases as $ams) {
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index f971b570..32b9e29c 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -113,6 +113,11 @@
<chmod>0644</chmod>
<item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_view_logs.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/shortcuts/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.org/packages/config/bind/pkg_apache.inc</item>
+ </additional_files_needed>
<tabs>
<tab>
<text>Apache</text>
@@ -150,9 +155,12 @@
</tab>
</tabs>
<adddeleteeditpagefields>
+ <movable>on</movable>
<columnitem>
<fielddescr>Status</fielddescr>
<fieldname>enable</fieldname>
+ <listmodeon>Enabled</listmodeon>
+ <listmodeoff>Disabled</listmodeoff>
</columnitem>
<columnitem>
<fielddescr>Iface</fielddescr>
@@ -267,11 +275,18 @@
<show_disable_value>none</show_disable_value>
</field>
<field>
+ <name><![CDATA[Location(s)]]></name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>
<![CDATA[Location(s)]]>
</fielddescr>
<fieldname>locations</fieldname>
<type>rowhelper</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <movable>on</movable>
<rowhelper>
<rowhelperfield>
<fielddescr><![CDATA[gzip?]]></fielddescr>
@@ -288,7 +303,7 @@
<fieldname>sitepath</fieldname>
<description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
<type>input</type>
- <size>5</size>
+ <size>13</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr><![CDATA[Balancer]]></fielddescr>
@@ -317,7 +332,7 @@
<fieldname>backendpath</fieldname>
<description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
<type>input</type>
- <size>5</size>
+ <size>13</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr><![CDATA[ModSecurity]]></fielddescr>
@@ -344,7 +359,7 @@
<fieldname>options</fieldname>
<description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
<type>input</type>
- <size>5</size>
+ <size>12</size>
</rowhelperfield>
</rowhelper>
</field>
@@ -388,7 +403,6 @@
<rows>10</rows>
<encoding>base64</encoding>
</field>
-
</fields>
<service>
<name>apache_mod_security</name>
diff --git a/config/apache_mod_security-dev/pkg_apache.inc b/config/apache_mod_security-dev/pkg_apache.inc
new file mode 100755
index 00000000..97fb2417
--- /dev/null
+++ b/config/apache_mod_security-dev/pkg_apache.inc
@@ -0,0 +1,11 @@
+<?php
+
+global $shortcuts;
+
+$shortcuts['apache'] = array();
+$shortcuts['apache']['main'] = "pkg_edit.php?xml=apache_virtualhost.xml";
+$shortcuts['apache']['log'] = "diag_logs.php";
+$shortcuts['apache']['status'] = "status_services.php";
+$shortcuts['apache']['service'] = "apache_mod_security";
+
+?>