diff options
Diffstat (limited to 'config/apache_mod_security-dev')
10 files changed, 329 insertions, 354 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index 7cb9774b..5e02f9d4 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -75,6 +75,11 @@ <active/> </tab> <tab> + <text>Location(s)</text> + <url>/pkg.php?xml=apache_location.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> @@ -107,20 +112,20 @@ </adddeleteeditpagefields> <fields> <field> - <name>apache Reverse Peer Mappings</name> + <name>Apache Reverse Peer Mappings</name> <type>listtopic</type> </field> <field> <fielddescr>Enable</fielddescr> <fieldname>enable</fieldname> - <description>If this field is checked, then this server poll will be available for virtual hosts config.</description> + <description>If this field is checked, then this server pool will be available for Virtual Hosts configuration.</description> <type>checkbox</type> </field> <field> <fielddescr>Balancer name</fielddescr> <fieldname>name</fieldname> - <description><![CDATA[Name to identify this peer on apache conf<br> - example: www_site1]]></description> + <description><![CDATA[Name to identify this peer in Apache configuration<br> + Example: www_site1]]></description> <type>input</type> <size>20</size> </field> @@ -134,7 +139,7 @@ <field> <fielddescr>Protocol</fielddescr> <fieldname>proto</fieldname> - <description><![CDATA[Protocol listening on this internal server(s) port.]]></description> + <description><![CDATA[Protocol used on the internal server(s).]]></description> <type>select</type> <options> <option> <name>HTTP</name> <value>http</value> </option> @@ -156,40 +161,40 @@ <rowhelperfield> <fielddescr>FQDN or IP Address</fielddescr> <fieldname>host</fieldname> - <description>Internal site IP or Hostnamesite</description> + <description>Internal site IP or site hostname</description> <type>input</type> <size>27</size> </rowhelperfield> <rowhelperfield> - <fielddescr>port</fielddescr> + <fielddescr>Port</fielddescr> <fieldname>port</fieldname> <description>Internal site port</description> <type>input</type> <size>5</size> </rowhelperfield> <rowhelperfield> - <fielddescr>routeid</fielddescr> + <fielddescr>Route ID</fielddescr> <fieldname>routeid</fieldname> <description>ID to define sticky connections</description> <type>input</type> <size>6</size> </rowhelperfield> <rowhelperfield> - <fielddescr>weight</fielddescr> + <fielddescr>Weight</fielddescr> <fieldname>loadfactor</fieldname> <description>Server weight</description> <type>input</type> <size>4</size> </rowhelperfield> <rowhelperfield> - <fielddescr>ping</fielddescr> + <fielddescr>Ping</fielddescr> <fieldname>ping</fieldname> <description>Server ping test interval</description> <type>input</type> <size>6</size> </rowhelperfield> <rowhelperfield> - <fielddescr>ttl</fielddescr> + <fielddescr>TTL</fielddescr> <fieldname>ttl</fieldname> <description>Server ping TTL</description> <type>input</type> diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php deleted file mode 100644 index 5448f850..00000000 --- a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php +++ /dev/null @@ -1,205 +0,0 @@ -<?php -/* ========================================================================== */ -/* - apache_view_logs.php - part of pfSense (http://www.pfSense.com) - Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2012 Marcello Coutinho - Copyright (C) 2012 Carlos Cesario - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -require_once("/etc/inc/util.inc"); -require_once("/etc/inc/functions.inc"); -require_once("/etc/inc/pkg-utils.inc"); -require_once("/etc/inc/globals.inc"); -require_once("guiconfig.inc"); -require_once("apache_mod_security.inc"); - -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) - $one_two = true; - -$pgtitle = "Apache reverse proxy: Apache VirtualHost Location"; - -$virtualhost_id = $_GET['virtualhost_id']; -if (isset($_POST['virtualhost_id'])) - $virtualhost_id = $_POST['virtualhost_id']; - -$backend_id = $_GET['backend_id']; -if (isset($_POST['backend_id'])) - $backend_id = $_POST['backend_id']; - -if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id])) - $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]; -if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id])) - $backend = &$virtualhost['row'][$backend_id]; - -/* - * Not having a virtualhost->backend entry means we can't do this. - */ -if (! $backend) { - $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist."); -} - - -if ($_POST) { - unset($input_errors); - - /* - * Check for a valid expirationdate if one is set at all (valid means, - * DateTime puts out a time stamp so any DateTime compatible time - * format may be used. to keep it simple for the enduser, we only - * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs - * like "+1 day", which will be converted to MM/DD/YYYY based on "now". - * Otherwhise such an entry would lead to an invalid expiration data. - */ - if ($_POST['expires']) { - try { - $expdate = new DateTime($_POST['expires']); - //convert from any DateTime compatible date to MM/DD/YYYY - $_POST['expires'] = $expdate->format("m/d/Y"); - } catch ( Exception $ex ) { - $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); - } - } - - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } - - if (!$input_errors) { - if ($_POST['custom']) - $backend['custom'] = base64_encode($_POST['custom']); - else - unset($backend['custom']); - - write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'"); - apache_mod_security_resync(); - pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}"); - } -} - -include("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> - -<?php if($one_two): ?> - - <p class="pgtitle"><?=$pgtitle?></font></p> - -<?php endif; ?> - -<?php - if ($input_errors) - print_input_errors($input_errors); - if ($savemsg) - print_info_box($savemsg); -?> - -<div id="mainlevel"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> - <?php - $tab_array = array(); - $tab_array[] = array(gettext("Apache"), true, "/pkg_edit.php?xml=apache_settings.xml&id=0"); - $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml"); - $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml"); - display_top_tabs($tab_array); - ?> - </td></tr> - <tr><td> - <?php - unset ($tab_array); - $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml"); - $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml"); - $tab_array[] = array(gettext("Virtual Hosts"), true, "/pkg.php?xml=apache_virtualhost.xml"); - $tab_array[] = array(gettext("Logs"), false, "/apache_view_logs.php"); - display_top_tabs($tab_array); - ?> - </td></tr> - <tr><td> - <div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; "> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"><tbody> - <form action="apache_edit_virtualhost_location.php" id="paramsForm" name="paramsForm" method="post"> - <tr> - <td width="22%" valign="top" class="vncellreq">Primary Site Hostname</td> - <td width="78%" class="vtable"> - <span class="vexpl"> - <?=base64_decode($virtualhost['primarysitehostname']);?> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Current Site Path</td> - <td width="78%" class="vtable"> - <span class="vexpl"> - <?=$backend['sitepath'];?> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Location Custom Settings");?></td> - <td width="78%" class="vtable"> - <textarea name='custom' rows='10' cols='65' id='custom'><?=base64_decode($backend['custom']);?></textarea> - <br/> - <span class="vexpl"> - <?=gettext("Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.");?> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> -<?php if (isset($virtualhost_id)): ?> - <input name="virtualhost_id" type="hidden" value="<?=$virtualhost_id;?>" /> -<?php endif;?> -<?php if (isset($backend_id)): ?> - <input name="backend_id" type="hidden" value="<?=$backend_id;?>" /> -<?php endif;?> - <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input id="cancel" name="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> - </td> - </tr> - </form> - </tbody></table> - </div> - </td></tr> - </table> -</div> - - -<?php -include("fend.inc"); -?> - -</body> -</html> diff --git a/config/apache_mod_security-dev/apache_location.xml b/config/apache_mod_security-dev/apache_location.xml new file mode 100644 index 00000000..ea957f43 --- /dev/null +++ b/config/apache_mod_security-dev/apache_location.xml @@ -0,0 +1,237 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + apache_location.xml + part of apache_mod_security package (http://www.pfSense.com) + Copyright (C)2012 Marcello Coutinho + Copyright (C)2013 Stephane Lapie <stephane.lapie@asahinet.com> + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]> + </copyright> + <name>apachelocation</name> + <version>1.0</version> + <title>Apache reverse proxy: Locations</title> + + <tabs> + <tab> + <text>Apache</text> + <url>/pkg_edit.php?xml=apache_settings.xml&id=0</url> + <active/> + </tab> + <tab> + <text>ModSecurity</text> + <url>/pkg_edit.php?xml=apache_mod_security_settings.xml</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=apache_mod_security_sync.xml</url> + </tab> + <tab> + <text>Daemon Options</text> + <url>/pkg_edit.php?xml=apache_settings.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> + <text>Backends / Balancers</text> + <url>/pkg.php?xml=apache_balancer.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> + <text>Location(s)</text> + <url>/pkg.php?xml=apache_location.xml</url> + <active/> + <tab_level>2</tab_level> + </tab> + <tab> + <text>Virtual Hosts</text> + <url>/pkg.php?xml=apache_virtualhost.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> + <text>Logs</text> + <url>/apache_view_logs.php</url> + <tab_level>2</tab_level> + </tab> + </tabs> + <adddeleteeditpagefields> + <movable>on</movable> + <columnitem> + <fielddescr>Identifier</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Compress</fielddescr> + <fieldname>compress</fieldname> + </columnitem> + <columnitem> + <fielddescr>Site Path</fielddescr> + <fieldname>sitepath</fieldname> + <listmodeoff>/</listmodeoff> + </columnitem> + <columnitem> + <fielddescr>Balancer</fielddescr> + <fieldname>balancer</fieldname> + </columnitem> + <columnitem> + <fielddescr>LB Method</fielddescr> + <fieldname>lbmethod</fieldname> + </columnitem> + <columnitem> + <fielddescr>Backendpath</fielddescr> + <fieldname>backendpath</fieldname> + <listmodeoff>/</listmodeoff> + </columnitem> + <columnitem> + <fielddescr>Modsecurity</fielddescr> + <fieldname>modsecgroup</fieldname> + <listmodeoff>None</listmodeoff> + </columnitem> + <columnitem> + <fielddescr>Rule Manipulation</fielddescr> + <fieldname>modsecmanipulation</fieldname> + <listmodeoff>None</listmodeoff> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Location Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr><![CDATA[Identifier]]></fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[Location name/identifier.]]></description> + <type>input</type> + <required/> + <size>20</size> + </field> + <field> + <fielddescr><![CDATA[gzip?]]></fielddescr> + <fieldname>compress</fieldname> + <description>Compress data to save bandwidth?</description> + <type>select</type> + <options> + <option><name>yes</name><value>yes</value></option> + <option><name>no</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr><![CDATA[Site Path]]></fielddescr> + <fieldname>sitepath</fieldname> + <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description> + <type>input</type> + <size>30</size> + </field> + <field> + <fielddescr><![CDATA[Balancer]]></fielddescr> + <fieldname>balancer</fieldname> + <description>Server balancer / pool</description> + <source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <show_disable_value>none</show_disable_value> + <type>select_source</type> + <size>5</size> + </field> + <field> + <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr> + <fieldname>lbmethod</fieldname> + <description>Server balance method</description> + <type>select</type> + <options> + <option><name>byrequests</name><value>byrequests</value></option> + <option><name>bytraffic</name><value>bytraffic</value></option> + <option><name>bybusyness</name><value>bybusyness</value></option> + </options> + </field> + <field> + <fielddescr>Backend Path</fielddescr> + <fieldname>backendpath</fieldname> + <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description> + <type>input</type> + <size>30</size> + </field> + <field> + <fielddescr><![CDATA[ModSecurity]]></fielddescr> + <fieldname>modsecgroup</fieldname> + <description>Choose ModSecurity group to use on this virtual host.</description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <show_disable_value>none</show_disable_value> + </field> + <field> + <fielddescr><![CDATA[Manipulations]]></fielddescr> + <fieldname>modsecmanipulation</fieldname> + <description>Choose Modsecurity group to use on this virtual host.</description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <show_disable_value>none</show_disable_value> + </field> + <field> + <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'> Balancer options</a>]]></fielddescr> + <fieldname>options</fieldname> + <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description> + <type>input</type> + <size>30</size> + </field> + <field> + <name>Custom Location Options</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Custom Options</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description> + <type>textarea</type> + <cols>90</cols> + <rows>10</rows> + <encoding>base64</encoding> + <dontdisplayname/> + <usecolspan2/> + </field> + </fields> + <service> + <name>apache_mod_security</name> + <rcfile>apache_mod_security.sh</rcfile> + <executable>httpd</executable> + </service> + <custom_php_resync_config_command> + apache_mod_security_resync(); + </custom_php_resync_config_command> + <include_file>/usr/local/pkg/apache_mod_security.inc</include_file> +</packagegui> diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 1129af6d..31be95cf 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -211,7 +211,7 @@ function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $ return; if(!$synctimeout) - $synctimeout=250; + $synctimeout=25; $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { @@ -472,19 +472,8 @@ function generate_apache_configuration() { //chroot apache http://forums.freebsd.org/showthread.php?t=6858 if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ unset($mods_group); - $i=0; - $write_config=0; foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){ //RULES_DIRECTORY - $mods_group[$mods_groups['name']]="Include ".RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf\n"; - if ($mods_groups['crs10']==""){ - if (file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){ - $config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')); - $write_config++; - } - } - file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX); - foreach (split(",",$mods_groups['baserules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; } @@ -497,10 +486,7 @@ function generate_apache_configuration() { foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; } - $i++; } - if ($write_config > 0) - write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}"); } //print "<PRE>"; //var_dump($mods_group); @@ -508,8 +494,20 @@ function generate_apache_configuration() { //mod_security settings if (is_array($config['installedpackages']['apachemodsecuritysettings'])){ $mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0]; - } - + + if ($mods_settings['crs10']=="" && file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){ + $config['installedpackages']['apachemodsecuritysettings']['config'][0]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')); + write_config("modsecurity - Load crs 10 default setup file."); + } + + $cr10_setup="Include ".RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf\n"; + file_put_contents(RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][0]['crs10']),LOCK_EX); + } + // create location(s) array + if (is_array($config['installedpackages']['apachelocation'])){ + foreach ($config['installedpackages']['apachelocation']['config'] as $location) + $apache_location[$location['name']]=$location; + } //configure virtual hosts $namevirtualhosts=array(); $namevirtualhosts[0]=$global_listen; @@ -581,8 +579,10 @@ EOF; $vh_config.= apache_textarea_decode($virtualhost['custom'])."\n\n"; #Check virtualhost locations - foreach ($virtualhost['row'] as $backend){ - if ($backend['balancer'] != "none"){ + foreach ($virtualhost['row'] as $be){ + if ($be['location'] != "none"){ + $backend=$apache_location[$be['location']]; + $vh_config.="# {$backend['name']}\n"; $vh_config.=" <Location ".($backend['sitepath'] ? $backend['sitepath'] : "/").">\n"; $vh_config.=" ProxyPass balancer://{$backend['balancer']}{$backend['backendpath']}\n"; $vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n"; @@ -713,7 +713,6 @@ EOF; $extendedstatus="ExtendedStatus On"; } $mod_status .= <<<EOF - $mod_status .= <<<EOF {$extendedstatus} <Location /server-status> SetHandler server-status diff --git a/config/apache_mod_security-dev/apache_mod_security_groups.xml b/config/apache_mod_security-dev/apache_mod_security_groups.xml index c4651f45..4775fb3c 100644 --- a/config/apache_mod_security-dev/apache_mod_security_groups.xml +++ b/config/apache_mod_security-dev/apache_mod_security_groups.xml @@ -191,36 +191,6 @@ </options> </field> <field> - <name>mod_security crs 10 setup</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_security crs 10 setup</fielddescr> - <fieldname>crs10</fieldname> - <dontdisplayname/> - <usecolspan2/> - <description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>15</rows> - <cols>90</cols> - </field> - <field> - <name>Custom mod_security ErrorDocument</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Custom mod_security ErrorDocument</fielddescr> - <fieldname>errordocument</fieldname> - <dontdisplayname/> - <usecolspan2/> - <description>Custom mod_security ErrorDocument.</description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>10</rows> - <cols>90</cols> - </field> - <field> <name>Custom mod_security rules</name> <type>listtopic</type> </field> diff --git a/config/apache_mod_security-dev/apache_mod_security_settings.xml b/config/apache_mod_security-dev/apache_mod_security_settings.xml index 68581687..bbc7da4a 100644 --- a/config/apache_mod_security-dev/apache_mod_security_settings.xml +++ b/config/apache_mod_security-dev/apache_mod_security_settings.xml @@ -123,6 +123,36 @@ <size>10</size> </field> <field> + <name>mod_security crs 10 setup</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>mod_security crs 10 setup</fielddescr> + <fieldname>crs10</fieldname> + <dontdisplayname/> + <usecolspan2/> + <description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>15</rows> + <cols>90</cols> + </field> + <field> + <name>Custom mod_security ErrorDocument</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Custom mod_security ErrorDocument</fielddescr> + <fieldname>errordocument</fieldname> + <dontdisplayname/> + <usecolspan2/> + <description>Custom mod_security ErrorDocument.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>10</rows> + <cols>90</cols> + </field> + <field> <name>Modsecurity addons</name> <type>listtopic</type> </field> diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml index 3e1c0a9c..7ecfb68e 100755 --- a/config/apache_mod_security-dev/apache_mod_security_sync.xml +++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml @@ -86,11 +86,11 @@ <required/> <default_value>250</default_value> <options> - <option><name>250 seconds(Default)</name><value>250</value></option> - <option><name>120 seconds</name><value>120</value></option> - <option><name>90 seconds</name><value>90</value></option> + <option><name>30 seconds(Default)</name><value>30</value></option> <option><name>60 seconds</name><value>60</value></option> - <option><name>30 seconds</name><value>30</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>250 seconds</name><value>250</value></option> </options> </field> <field> diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml index 14415362..1dd4bc78 100644 --- a/config/apache_mod_security-dev/apache_settings.xml +++ b/config/apache_mod_security-dev/apache_settings.xml @@ -68,6 +68,11 @@ <tab_level>2</tab_level> </tab> <tab> + <text>Location(s)</text> + <url>/pkg.php?xml=apache_location.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> @@ -88,6 +93,7 @@ <fieldname>globalsiteadminemail</fieldname> <description>Enter the site administrators e-mail address</description> <type>input</type> + <size>25</size> </field> <field> <fielddescr>Server hostname</fielddescr> @@ -97,6 +103,7 @@ NOTE: Leave blank to use this devices hostname.]]> </description> <type>input</type> + <size>25</size> </field> <field> <fielddescr>Default Bind to IP Address</fielddescr> diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php index 494f37cd..10bb1db6 100644 --- a/config/apache_mod_security-dev/apache_view_logs.php +++ b/config/apache_mod_security-dev/apache_view_logs.php @@ -106,6 +106,7 @@ function showLog(content,url,logtype) unset ($tab_array); $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml"); $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml"); + $tab_array[] = array(gettext("Location(s)"), false, "/pkg.php?xml=apache_location.xml"); $tab_array[] = array(gettext("Virtual Hosts"), false, "/pkg.php?xml=apache_virtualhost.xml"); $tab_array[] = array(gettext("Logs"), true, "/apache_view_logs.php"); display_top_tabs($tab_array); diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 53478721..747ef975 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -119,6 +119,11 @@ <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml</item> + </additional_files_needed> <tabs> <tab> <text>Apache</text> @@ -144,6 +149,11 @@ <tab_level>2</tab_level> </tab> <tab> + <text>Location(s)</text> + <url>/pkg.php?xml=apache_location.xml</url> + <tab_level>2</tab_level> + </tab> + <tab> <text>Virtual Hosts</text> <url>/pkg.php?xml=apache_virtualhost.xml</url> <tab_level>2</tab_level> @@ -257,7 +267,7 @@ <show_disable_value>none</show_disable_value> </field> <field> - <fielddescr>intermediate CA certificate(optional)</fielddescr> + <fielddescr>Intermediate CA certificate (optional)</fielddescr> <fieldname>reverse_int_ca</fieldname> <description>Select intermediate CA assigned to certificate. Not all certificates require this.</description> <type>select_source</type> @@ -267,100 +277,21 @@ <show_disable_value>none</show_disable_value> </field> <field> - <name><![CDATA[Location(s)]]></name> - <type>listtopic</type> - </field> - <field> <fielddescr> <![CDATA[Location(s)]]> </fielddescr> <fieldname>locations</fieldname> <type>rowhelper</type> - <dontdisplayname/> - <usecolspan2/> - <movable>on</movable> <rowhelper> <rowhelperfield> - <fielddescr><![CDATA[gzip?]]></fielddescr> - <fieldname>compress</fieldname> - <description>Compress data to save bandwidth?</description> - <type>select</type> - <options> - <option><name>yes</name><value>yes</value></option> - <option><name>no</name><value>no</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[Site Path]]></fielddescr> - <fieldname>sitepath</fieldname> - <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description> - <type>input</type> - <size>12</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[Balancer]]></fielddescr> - <fieldname>balancer</fieldname> - <description>Server balancer / pool</description> - <source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source> - <source_name>name</source_name> - <source_value>name</source_value> - <show_disable_value>none</show_disable_value> - <type>select_source</type> - <size>5</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr> - <fieldname>lbmethod</fieldname> - <description>Server balance method</description> - <type>select</type> - <options> - <option><name>byrequests</name><value>byrequests</value></option> - <option><name>bytraffic</name><value>bytraffic</value></option> - <option><name>bybusyness</name><value>bybusyness</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Backend Path</fielddescr> - <fieldname>backendpath</fieldname> - <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description> - <type>input</type> - <size>12</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[ModSecurity]]></fielddescr> - <fieldname>modsecgroup</fieldname> - <description>Choose ModSecurity group to use on this virtual host.</description> - <type>select_source</type> - <source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source> + <fielddescr><![CDATA[Location]]></fielddescr> + <fieldname>location</fieldname> + <description>Server Location</description> + <source><![CDATA[$config['installedpackages']['apachelocation']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <show_disable_value>none</show_disable_value> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[Manipulations]]></fielddescr> - <fieldname>modsecmanipulation</fieldname> - <description>Choose Modsecurity group to use on this virtual host.</description> <type>select_source</type> - <source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source> - <source_name>name</source_name> - <source_value>name</source_value> - <show_disable_value>none</show_disable_value> - </rowhelperfield> - <rowhelperfield> - <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'> Balancer options</a>]]></fielddescr> - <fieldname>options</fieldname> - <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description> - <type>input</type> - <size>11</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Location Custom Settings</fielddescr> - <fieldname>custom</fieldname> - <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description> - <type>textarea</type> - <cols>65</cols> - <rows>10</rows> - <encoding>base64</encoding> </rowhelperfield> </rowhelper> </field> |