Diffstat (limited to 'config/apache_mod_security-dev/apache_mod_security_settings.xml')
-rw-r--r-- | config/apache_mod_security-dev/apache_mod_security_settings.xml | 167 |
1 files changed, 167 insertions, 0 deletions
diff --git a/config/apache_mod_security-dev/apache_mod_security_settings.xml b/config/apache_mod_security-dev/apache_mod_security_settings.xml
new file mode 100644
index 00000000..985f6bcc
--- /dev/null
+++ b/config/apache_mod_security-dev/apache_mod_security_settings.xml
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ apache_mod_security_settings.xml
+ part of apache_mod_security package (http://www.pfSense.com)
+ Copyright (C) 2008, 2009, 2010 Scott Ullrich
+ Copyright (C) 2012 Marcello Coutinho
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code MUST retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form MUST reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <name>apachemodsecuritysettings</name>
+ <version>1.0</version>
+ <title>Services: Mod_Security+Apache+Proxy: Settings</title>
+ <aftersaveredirect>pkg_edit.php?xml=apache_mod_security_settings.xml&id=0</aftersaveredirect>
+ <tabs>
+ <tab>
+ <text>Apache</text>
+ <url>/pkg_edit.php?xml=apache_settings.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>ModSecurity</text>
+ <url>/pkg_edit.php?xml=apache_mod_security_settings.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Sync</text>
+ <url>/pkg_edit.php?xml=apache_mod_security_sync.xml</url>
+ </tab>
+ <tab>
+ <text>Module options</text>
+ <url>/pkg_edit.php?xml=apache_mod_security_settings.xml</url>
+ <active/>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
+ <text>Rule Groups</text>
+ <url>/pkg.php?xml=apache_mod_security_groups.xml</url>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
+ <text>Rule Manipulation</text>
+ <url>/pkg.php?xml=apache_mod_security_manipulation.xml</url>
+ <tab_level>2</tab_level>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>Security options</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>ModSecurity protection</fielddescr>
+ <fieldname>enablemodsecurity</fieldname>
+ <description><![CDATA[Enables ModSecurity protection for sites being proxied by apache<br>
+ More info about ModSecurity can be found here: http://www.modsecurity.org/]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Disable Backend Compression</fielddescr>
+ <fieldname>secbackendcompression</fieldname>
+ <description><![CDATA[Disables backend compression while leaving the frontend compression enabled.<br>
+ This directive is mandatory in reverse proxy mode to ModSecurity be able to inspect response bodies.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>On (Highly recommended)</name><value>on</value></option>
+ <option><name>Off</name><value>Of</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Max request per IP</fielddescr>
+ <fieldname>SecReadStateLimit</fieldname>
+ <description>
+ //274
+ <![CDATA[This option limits number of POSTS accepted from same IP address and help prevent the effects of a Slowloris-type of attack.<br>
+ More info about this attack can be found here: http://en.wikipedia.org/wiki/Slowloris
+ ]]>
+ </description>
+ <type>input</type>
+ <size>10</size>
+ </field>
+ <field>
+ <fielddescr>Maximum request body size in memory.</fielddescr>
+ <fieldname>secrequestbodyinmemorylimit</fieldname>
+ <description>Configures the maximum request body size ModSecurity will store in memory.</description>
+ <type>input</type>
+ <size>10</size>
+ </field>
+ <field>
+ <fielddescr>Maximum request body size for buffering.</fielddescr>
+ <fieldname>secrequestbodylimit</fieldname>
+ <description>Configures the maximum request body size ModSecurity will accept for buffering.</description>
+ <type>input</type>
+ <size>10</size>
+ </field>
+ <field>
+ <name>Modsecurity addons</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Http-guardian.pl</fielddescr>
+ <fieldname>enablehttpdguardian</fieldname>
+ <description><![CDATA[http-guardian script is designed to monitor all web server requests through the piped logging mechanism.
+ It keeps track of the number of requests sent from each IP address. Request speed is calculated at 1 minute and 5 minute intervals.
+ Once a threshold is reached, httpd-guardian can either emit a warning or execute a script to block the IP address.<br>
+ NOTE: In order for this script to be effective it must be able to see all requests coming to the web server, so no per-virtual host option for this script.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Disable</name><value></value></option>
+ <option><name>Enable and block when threshold is reached</name><value>block</value></option>
+ <option><name>Enable but just log when threshold is reached</name><value>log</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Threshold 1min</fielddescr>
+ <fieldname>threshold1min</fieldname>
+ <description>
+ <![CDATA[Max. speed allowed, in requests per second measured over a 1-minute period.]]>
+ </description>
+ <type>input</type>
+ <size>5</size>
+ </field>
+ <field>
+ <fielddescr>Threshold 5min</fielddescr>
+ <fieldname>threshold5min</fieldname>
+ <description>
+ <![CDATA[Max. speed allowed, in requests per second measured over a 5-minute period.]]>
+ </description>
+ <type>input</type>
+ <size>5</size>
+ </field>
+ </fields>
+ <custom_php_resync_config_command>
+ apache_mod_security_resync();
+ </custom_php_resync_config_command>
+ <include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
+</packagegui>
\ No newline at end of file |
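Review bot: The "Off" choice for `secbackendcompression` stores `Of` rather than `off`, so whatever apache_mod_security.inc writes into the backend-compression directive for that choice will presumably not be a valid On/Off value; the option should read `<option><name>Off</name><value>off</value></option>`. The `SecReadStateLimit` description carries a stray `//274` text node ahead of its CDATA, which looks like a leftover note and would likely be shown in the GUI, so it should be dropped. That same description says the setting limits POSTs per IP, whereas ModSecurity's SecReadStateLimit caps the connections an IP address may hold in the read state, so the help text and the "Max request per IP" label are worth rewording. None of the free-text inputs (`SecReadStateLimit`, the two body-size limits, `threshold1min`, `threshold5min`) has a validation hook in this file; since these values presumably end up in the generated Apache/ModSecurity configuration, a `<custom_php_validation_command>` that accepts only non-negative integers would be a sensible addition unless the include file already checks them.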