diff options
| -rw-r--r-- | config/apache_mod_security-dev/apache.template | 8 | ||||
| -rw-r--r-- | config/apache_mod_security-dev/apache_mod_security.inc | 19 | ||||
| -rw-r--r-- | config/apache_mod_security-dev/apache_settings.xml | 26 | ||||
| -rw-r--r-- | config/apache_mod_security-dev/apache_virtualhost.xml | 10 | ||||
| -rw-r--r-- | pkg_config.8.xml | 2 | ||||
| -rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
6 files changed, 29 insertions, 38 deletions
diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache.template index 362e28a4..12a36b69 100644 --- a/config/apache_mod_security-dev/apache.template +++ b/config/apache_mod_security-dev/apache.template @@ -197,8 +197,6 @@ DocumentRoot "{$apache_dir}/www/apache22" Deny from all </Directory> -{$mod_status} - # # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as @@ -506,9 +504,13 @@ AcceptFilter https none # Proxysettings {$mod_proxy} +# Mod status +{$mod_status} + + # Include anything else Include etc/apache22/Includes/*.conf EOF; -?> +?>
\ No newline at end of file diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 615a7fc4..f21dcbdc 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -548,31 +548,18 @@ EOF; } // Process Status Page $mod_status = ""; - if ($setting('statuspage') == "on") { + if ($settings['statuspage'] == "on") { $mod_status .= <<<EOF <Location /server-status> SetHandler server-status Order Deny,Allow Deny from all + EOF; - $mod_status .= "Allow from ".($settings['netaccessstatus'] ? $settings['netaccessstatus'] : "All")."\n"; + $mod_status .= "Allow from ".($settings['netaccessstatus'] ? $settings['netaccessstatus'] : "All")."\n"; $mod_status .= "</Location>\n"; } -//** Uncomment to allow adding ip/ports not used by any site proxies -//** Otherwise unused addresses/ports will be automatically deleted from the configuration -// foreach ($configuredaliases as $ams) { -// $local_ip_port = "{$ams['ipaddress']}:{$ams['ipport']}"; -// if(!in_array($local_ip_port, $processed)) { -// // explicit bind if not global ip:port -// if ($local_ip_port != $global_listen) { -// $aliases .= "Listen $local_ip_port\n"; -// // Automatically add this to configuration -// $config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $ams['ipaddress'], 'ipport' => $ams['ipport']); -// } -// } -// } - // update configuration with actual ip bindings write_config($pkg['addedit_string']); diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml index de350cf1..2f089616 100644 --- a/config/apache_mod_security-dev/apache_settings.xml +++ b/config/apache_mod_security-dev/apache_settings.xml @@ -278,23 +278,23 @@ <type>listtopic</type> </field> <field> - <fielddescr>Status Page</fielddescr> - <fieldname>statuspage</fieldname> - <description> - <![CDATA[Enable a status page for Apache and Mod_proxy. Access http://DefaultBindIP:DefaultBindPort/status-server]]> - </description> - <type>select</type> - <options> - <option><name>On</name><value>on</value></option> - <option><name>Off</name><value>off</value></option> - </options> - </field> + <fielddescr>Status Page</fielddescr> + <fieldname>statuspage</fieldname> + <description> + <![CDATA[Enable a status page for Apache and Mod_proxy. Access http://DefaultBindIP:DefaultBindPort/status-server]]> + </description> + <type>select</type> + <options> + <option><name>Disabled (Default)</name><value>off</value></option> + <option><name>Enabled</name><value>on</value></option> + </options> + </field> <field> <fielddescr>Network Access Status Page</fielddescr> <fieldname>netaccessstatus</fieldname> <description> - <![CDATA[Network can access a status page. Ex: 172.16.1.0/24<br/> - NOTE: Leave blank define all networks]]> + <![CDATA[Networks that can access apache status page. Ex: 172.16.1.0/24<br/> + NOTE: Leave blank to allow access from any ip.(Not recommended for security reasons)]]> </description> <type>input</type> </field> diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 7a3737cd..b3653bdf 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -303,7 +303,7 @@ <fieldname>sitepath</fieldname> <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description> <type>input</type> - <size>13</size> + <size>12</size> </rowhelperfield> <rowhelperfield> <fielddescr><![CDATA[Balancer]]></fielddescr> @@ -332,7 +332,7 @@ <fieldname>backendpath</fieldname> <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description> <type>input</type> - <size>13</size> + <size>12</size> </rowhelperfield> <rowhelperfield> <fielddescr><![CDATA[ModSecurity]]></fielddescr> @@ -359,7 +359,7 @@ <fieldname>options</fieldname> <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description> <type>input</type> - <size>12</size> + <size>11</size> </rowhelperfield> </rowhelper> </field> @@ -399,9 +399,11 @@ <fieldname>custom</fieldname> <description>Paste extra apache config for this virtualhost. This is usefull for rewrite rules for example.</description> <type>textarea</type> - <cols>65</cols> + <cols>90</cols> <rows>10</rows> <encoding>base64</encoding> + <dontdisplayname/> + <usecolspan2/> </field> </fields> <service> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 87af456e..3aaa00ff 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -214,7 +214,7 @@ <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> - <version>2.2.23 pkg v0.2.3</version> + <version>2.2.23 pkg v0.2.4</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 090bc71a..ff9a1d09 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -201,7 +201,7 @@ <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> - <version>2.2.23 pkg v0.2.3</version> + <version>2.2.23 pkg v0.2.4</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> |