-rw-r--r--config/apache_mod_security/apache_mod_security.inc111
1 files changed, 93 insertions, 18 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index 2f533b0d..0a323701 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -1,27 +1,97 @@
<?php
+/*
+ apache_mod_security.inc
+ part of the apache_mod_security package for pfSense
+ Copyright (C) 2009 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
if(!is_dir("/usr/local/apachemodsecurity")) {
safe_mkdir("/usr/local/apachemodsecurity");
conf_mount_rw();
}
+function apache_mod_security_start() {
+ exec("/usr/local/sbin/httpd");
+}
+
+function apache_mod_security_stop() {
+ exec("/usr/bin/killall httpd");
+}
+
+function apache_mod_security_restart() {
+ apache_mod_security_stop();
+ apache_mod_security_start();
+}
+
function apache_mod_security_install() {
global $config, $g;
+
+ $filename = "apache_mod_security.sh";
+
+ $start = "php -q -d auto_prepend_file=config.inc <<ENDPHP
+ <?php
+ require_once(\"functions.inc\");
+ require_once(\"/usr/local/pkg/apache_mod_security.inc\");
+ apache_mod_security_start();
+ ?>
+ ENDPHP\n";
+
+ $stop = "php -q -d auto_prepend_file=config.inc <<ENDPHP
+ <?php
+ require_once(\"functions.inc\");
+ require_once(\"/usr/local/pkg/apache_mod_security.inc\");
+ apache_mod_security_stop();
+ ?>
+ ENDPHP\n";
+
+ write_rcfile(array(
+ "file" => $filename,
+ "start" => $start,
+ "stop" => $stop
+ )
+ );
+
}
function apache_mod_security_deinstall() {
global $config, $g;
- exec("rm -rf /usr/local/apachemodsecurity");
+ exec("/bin/rm -rf /usr/local/apachemodsecurity");
+ exec("/bin/rm -f /usr/local/etc/rc.d/apache_mod_security.sh");
}
+// Regenerate apache configuration and handle server restart
function apache_mod_security_resync() {
global $config, $g;
generate_apache_configuration();
+ apache_mod_security_restart();
}
// Generate mod_proxy specific configuration
function generate_apache_configuration() {
global $config, $g;
+ $mod_proxy = "";
// Set global site e-mail
if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalsiteadminemail']) {
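Review bot: `apache_mod_security_resync()` now stops and starts httpd on every resync without first checking that the regenerated configuration parses, so a single bad setting leaves the reverse proxy down once `killall` has run. A syntax check before the restart, e.g. `exec("/usr/local/sbin/httpd -t", $out, $rc); if ($rc != 0) return;` with the failure logged, would keep the running instance up; whether this httpd needs an explicit config path is not visible here. `apache_mod_security_stop()` also matches by process name, so it signals any other `httpd` on the system and returns before the old listener has exited, which can make the immediate `apache_mod_security_start()` fail to bind; stopping by pidfile would be tighter. The generated rc script calls `php` by bare name even though this commit moves `rm` to `/bin/rm`, so an absolute interpreter path would be consistent. `generate_apache_configuration()` continues past the end of this hunk.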
@@ -53,29 +123,30 @@ function generate_apache_configuration() {
$global_listen .= ":80";
}
+ // Setup mem_cache
+ if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache']) {
+ if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache_size'])
+ $mcachesize = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache_size'];
+ else
+ $mcachesize = "100";
+ $mem_cache = "MCacheSize $mcachesize\n";
+ }
-
- // XXX The maximum amount of memory used by the cache in KBytes
- //MCacheSize 700000
// CacheRoot Directive
- // CacheRoot /var/apache_mod_security_cache
- // htcacheclean can be used to maintain the cache size at a maximum level.
- // XXX
-
-
-
- // Syntax:ProxyPreserveHost On|Off ?
- $mod_proxy = "ProxyRequests on\n";
-
- $mod_proxy = <<<EOF
+ if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_disk_cache']) {
+ safe_mkdir("/var/db/apachemodsecuritycache");
+ $cache_root .= "CacheRoot /var/db/apachemodsecuritycache\n";
+ }
+
+ $mod_proxy .= <<<EOF
+// Off when using ProxyPass
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
-</Proxy>
-
+</Proxy>
EOF;
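Review bot: The added line `// Off when using ProxyPass` sits inside the `$mod_proxy` heredoc, so it is written into the generated Apache configuration, where `//` is not comment syntax and httpd will most likely reject the file at startup. Write it as `# Off when using ProxyPass` inside the heredoc, or move it above the heredoc as a PHP comment. Separately, `$mcachesize` is interpolated into `MCacheSize` as-is; if the settings page does not already enforce digits, a guard such as `if (!ctype_digit((string)$mcachesize)) $mcachesize = "100";` keeps a stray newline from adding directives to the file. `$mem_cache` and `$cache_root` are assigned only when their options are enabled (and `$cache_root` is appended with `.=`), so initialising both to `""` next to `$mod_proxy = "";` would match the later `{$mem_cache}` / `{$cache_root}` interpolation. This hunk is in the middle of `generate_apache_configuration()`, which starts and ends outside it.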
@@ -186,6 +257,8 @@ EOF;
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimit 10485760
+ {$mod_security_custom}
+
SecResponseBodyMimeTypesClear
SecResponseBodyMimeType (null) text/plain text/html text/css text/xml
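Review bot: `{$mod_security_custom}` now lands directly ahead of `SecResponseBodyMimeTypesClear`, so any response-body MIME type set in the custom text is discarded by the next line, and everything in the custom text now precedes the built-in filters. If the earlier position is intentional, say so in the generated file with a line such as `# Custom rules: placed before the built-in filters below`. Where `$mod_security_custom` is assigned is outside this hunk, so whether the text is validated before being written into the configuration cannot be confirmed from here.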
@@ -294,8 +367,6 @@ EOF;
#phpMyAdmin path vln
SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
- {$mod_security_custom}
-
</IfModule>
EOF;
@@ -774,6 +845,10 @@ SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
+# Cache settings
+{$mem_cache}
+{$cache_root}
+
# Mod security
{$mod_security}