aboutsummaryrefslogtreecommitdiffstats
path: root/config/apache_mod_security-dev
diff options
context:
space:
mode:
Diffstat (limited to 'config/apache_mod_security-dev')
-rwxr-xr-xconfig/apache_mod_security-dev/apache_balancer.xml27
-rw-r--r--config/apache_mod_security-dev/apache_edit_virtualhost_location.php205
-rw-r--r--config/apache_mod_security-dev/apache_location.xml237
-rw-r--r--config/apache_mod_security-dev/apache_mod_security.inc39
-rw-r--r--config/apache_mod_security-dev/apache_mod_security_groups.xml30
-rw-r--r--config/apache_mod_security-dev/apache_mod_security_settings.xml30
-rwxr-xr-xconfig/apache_mod_security-dev/apache_mod_security_sync.xml8
-rw-r--r--config/apache_mod_security-dev/apache_settings.xml7
-rw-r--r--config/apache_mod_security-dev/apache_view_logs.php1
-rw-r--r--config/apache_mod_security-dev/apache_virtualhost.xml99
10 files changed, 329 insertions, 354 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml
index 7cb9774b..5e02f9d4 100755
--- a/config/apache_mod_security-dev/apache_balancer.xml
+++ b/config/apache_mod_security-dev/apache_balancer.xml
@@ -75,6 +75,11 @@
<active/>
</tab>
<tab>
+ <text>Location(s)</text>
+ <url>/pkg.php?xml=apache_location.xml</url>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
<text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
@@ -107,20 +112,20 @@
</adddeleteeditpagefields>
<fields>
<field>
- <name>apache Reverse Peer Mappings</name>
+ <name>Apache Reverse Peer Mappings</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Enable</fielddescr>
<fieldname>enable</fieldname>
- <description>If this field is checked, then this server poll will be available for virtual hosts config.</description>
+ <description>If this field is checked, then this server pool will be available for Virtual Hosts configuration.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Balancer name</fielddescr>
<fieldname>name</fieldname>
- <description><![CDATA[Name to identify this peer on apache conf<br>
- example: www_site1]]></description>
+ <description><![CDATA[Name to identify this peer in Apache configuration<br>
+ Example: www_site1]]></description>
<type>input</type>
<size>20</size>
</field>
@@ -134,7 +139,7 @@
<field>
<fielddescr>Protocol</fielddescr>
<fieldname>proto</fieldname>
- <description><![CDATA[Protocol listening on this internal server(s) port.]]></description>
+ <description><![CDATA[Protocol used on the internal server(s).]]></description>
<type>select</type>
<options>
<option> <name>HTTP</name> <value>http</value> </option>
@@ -156,40 +161,40 @@
<rowhelperfield>
<fielddescr>FQDN or IP Address</fielddescr>
<fieldname>host</fieldname>
- <description>Internal site IP or Hostnamesite</description>
+ <description>Internal site IP or site hostname</description>
<type>input</type>
<size>27</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>port</fielddescr>
+ <fielddescr>Port</fielddescr>
<fieldname>port</fieldname>
<description>Internal site port</description>
<type>input</type>
<size>5</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>routeid</fielddescr>
+ <fielddescr>Route ID</fielddescr>
<fieldname>routeid</fieldname>
<description>ID to define sticky connections</description>
<type>input</type>
<size>6</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>weight</fielddescr>
+ <fielddescr>Weight</fielddescr>
<fieldname>loadfactor</fieldname>
<description>Server weight</description>
<type>input</type>
<size>4</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>ping</fielddescr>
+ <fielddescr>Ping</fielddescr>
<fieldname>ping</fieldname>
<description>Server ping test interval</description>
<type>input</type>
<size>6</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>ttl</fielddescr>
+ <fielddescr>TTL</fielddescr>
<fieldname>ttl</fieldname>
<description>Server ping TTL</description>
<type>input</type>
diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php
deleted file mode 100644
index 5448f850..00000000
--- a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php
+++ /dev/null
@@ -1,205 +0,0 @@
-<?php
-/* ========================================================================== */
-/*
- apache_view_logs.php
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2012 Marcello Coutinho
- Copyright (C) 2012 Carlos Cesario
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form MUST reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-require_once("/etc/inc/util.inc");
-require_once("/etc/inc/functions.inc");
-require_once("/etc/inc/pkg-utils.inc");
-require_once("/etc/inc/globals.inc");
-require_once("guiconfig.inc");
-require_once("apache_mod_security.inc");
-
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
- $one_two = true;
-
-$pgtitle = "Apache reverse proxy: Apache VirtualHost Location";
-
-$virtualhost_id = $_GET['virtualhost_id'];
-if (isset($_POST['virtualhost_id']))
- $virtualhost_id = $_POST['virtualhost_id'];
-
-$backend_id = $_GET['backend_id'];
-if (isset($_POST['backend_id']))
- $backend_id = $_POST['backend_id'];
-
-if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]))
- $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id];
-if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id]))
- $backend = &$virtualhost['row'][$backend_id];
-
-/*
- * Not having a virtualhost->backend entry means we can't do this.
- */
-if (! $backend) {
- $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist.");
-}
-
-
-if ($_POST) {
- unset($input_errors);
-
- /*
- * Check for a valid expirationdate if one is set at all (valid means,
- * DateTime puts out a time stamp so any DateTime compatible time
- * format may be used. to keep it simple for the enduser, we only
- * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
- * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
- * Otherwhise such an entry would lead to an invalid expiration data.
- */
- if ($_POST['expires']) {
- try {
- $expdate = new DateTime($_POST['expires']);
- //convert from any DateTime compatible date to MM/DD/YYYY
- $_POST['expires'] = $expdate->format("m/d/Y");
- } catch ( Exception $ex ) {
- $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
- }
- }
-
- /* if this is an AJAX caller then handle via JSON */
- if (isAjax() && is_array($input_errors)) {
- input_errors2Ajax($input_errors);
- exit;
- }
-
- if (!$input_errors) {
- if ($_POST['custom'])
- $backend['custom'] = base64_encode($_POST['custom']);
- else
- unset($backend['custom']);
-
- write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'");
- apache_mod_security_resync();
- pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}");
- }
-}
-
-include("head.inc");
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-
-<?php if($one_two): ?>
-
- <p class="pgtitle"><?=$pgtitle?></font></p>
-
-<?php endif; ?>
-
-<?php
- if ($input_errors)
- print_input_errors($input_errors);
- if ($savemsg)
- print_info_box($savemsg);
-?>
-
-<div id="mainlevel">
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <?php
- $tab_array = array();
- $tab_array[] = array(gettext("Apache"), true, "/pkg_edit.php?xml=apache_settings.xml&amp;id=0");
- $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml");
- $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml");
- display_top_tabs($tab_array);
- ?>
- </td></tr>
- <tr><td>
- <?php
- unset ($tab_array);
- $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml");
- $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml");
- $tab_array[] = array(gettext("Virtual Hosts"), true, "/pkg.php?xml=apache_virtualhost.xml");
- $tab_array[] = array(gettext("Logs"), false, "/apache_view_logs.php");
- display_top_tabs($tab_array);
- ?>
- </td></tr>
- <tr><td>
- <div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; ">
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"><tbody>
- <form action="apache_edit_virtualhost_location.php" id="paramsForm" name="paramsForm" method="post">
- <tr>
- <td width="22%" valign="top" class="vncellreq">Primary Site Hostname</td>
- <td width="78%" class="vtable">
- <span class="vexpl">
- <?=base64_decode($virtualhost['primarysitehostname']);?>
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Current Site Path</td>
- <td width="78%" class="vtable">
- <span class="vexpl">
- <?=$backend['sitepath'];?>
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Location Custom Settings");?></td>
- <td width="78%" class="vtable">
- <textarea name='custom' rows='10' cols='65' id='custom'><?=base64_decode($backend['custom']);?></textarea>
- <br/>
- <span class="vexpl">
- <?=gettext("Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.");?>
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
-<?php if (isset($virtualhost_id)): ?>
- <input name="virtualhost_id" type="hidden" value="<?=$virtualhost_id;?>" />
-<?php endif;?>
-<?php if (isset($backend_id)): ?>
- <input name="backend_id" type="hidden" value="<?=$backend_id;?>" />
-<?php endif;?>
- <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
- <input id="cancel" name="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" />
- </td>
- </tr>
- </form>
- </tbody></table>
- </div>
- </td></tr>
- </table>
-</div>
-
-
-<?php
-include("fend.inc");
-?>
-
-</body>
-</html>
diff --git a/config/apache_mod_security-dev/apache_location.xml b/config/apache_mod_security-dev/apache_location.xml
new file mode 100644
index 00000000..ea957f43
--- /dev/null
+++ b/config/apache_mod_security-dev/apache_location.xml
@@ -0,0 +1,237 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ apache_location.xml
+ part of apache_mod_security package (http://www.pfSense.com)
+ Copyright (C)2012 Marcello Coutinho
+ Copyright (C)2013 Stephane Lapie <stephane.lapie@asahinet.com>
+ All rights reserved.
+*/
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code MUST retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form MUST reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ========================================================================== */
+]]>
+ </copyright>
+ <name>apachelocation</name>
+ <version>1.0</version>
+ <title>Apache reverse proxy: Locations</title>
+
+ <tabs>
+ <tab>
+ <text>Apache</text>
+ <url>/pkg_edit.php?xml=apache_settings.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>ModSecurity</text>
+ <url>/pkg_edit.php?xml=apache_mod_security_settings.xml</url>
+ </tab>
+ <tab>
+ <text>Sync</text>
+ <url>/pkg_edit.php?xml=apache_mod_security_sync.xml</url>
+ </tab>
+ <tab>
+ <text>Daemon Options</text>
+ <url>/pkg_edit.php?xml=apache_settings.xml</url>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
+ <text>Backends / Balancers</text>
+ <url>/pkg.php?xml=apache_balancer.xml</url>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
+ <text>Location(s)</text>
+ <url>/pkg.php?xml=apache_location.xml</url>
+ <active/>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
+ <text>Virtual Hosts</text>
+ <url>/pkg.php?xml=apache_virtualhost.xml</url>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
+ <text>Logs</text>
+ <url>/apache_view_logs.php</url>
+ <tab_level>2</tab_level>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <movable>on</movable>
+ <columnitem>
+ <fielddescr>Identifier</fielddescr>
+ <fieldname>name</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Compress</fielddescr>
+ <fieldname>compress</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Site Path</fielddescr>
+ <fieldname>sitepath</fieldname>
+ <listmodeoff>/</listmodeoff>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Balancer</fielddescr>
+ <fieldname>balancer</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>LB Method</fielddescr>
+ <fieldname>lbmethod</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Backendpath</fielddescr>
+ <fieldname>backendpath</fieldname>
+ <listmodeoff>/</listmodeoff>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Modsecurity</fielddescr>
+ <fieldname>modsecgroup</fieldname>
+ <listmodeoff>None</listmodeoff>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Rule Manipulation</fielddescr>
+ <fieldname>modsecmanipulation</fieldname>
+ <listmodeoff>None</listmodeoff>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <name>Location Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr><![CDATA[Identifier]]></fielddescr>
+ <fieldname>name</fieldname>
+ <description><![CDATA[Location name/identifier.]]></description>
+ <type>input</type>
+ <required/>
+ <size>20</size>
+ </field>
+ <field>
+ <fielddescr><![CDATA[gzip?]]></fielddescr>
+ <fieldname>compress</fieldname>
+ <description>Compress data to save bandwidth?</description>
+ <type>select</type>
+ <options>
+ <option><name>yes</name><value>yes</value></option>
+ <option><name>no</name><value>no</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr><![CDATA[Site Path]]></fielddescr>
+ <fieldname>sitepath</fieldname>
+ <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
+ <type>input</type>
+ <size>30</size>
+ </field>
+ <field>
+ <fielddescr><![CDATA[Balancer]]></fielddescr>
+ <fieldname>balancer</fieldname>
+ <description>Server balancer / pool</description>
+ <source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source>
+ <source_name>name</source_name>
+ <source_value>name</source_value>
+ <show_disable_value>none</show_disable_value>
+ <type>select_source</type>
+ <size>5</size>
+ </field>
+ <field>
+ <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr>
+ <fieldname>lbmethod</fieldname>
+ <description>Server balance method</description>
+ <type>select</type>
+ <options>
+ <option><name>byrequests</name><value>byrequests</value></option>
+ <option><name>bytraffic</name><value>bytraffic</value></option>
+ <option><name>bybusyness</name><value>bybusyness</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Backend Path</fielddescr>
+ <fieldname>backendpath</fieldname>
+ <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
+ <type>input</type>
+ <size>30</size>
+ </field>
+ <field>
+ <fielddescr><![CDATA[ModSecurity]]></fielddescr>
+ <fieldname>modsecgroup</fieldname>
+ <description>Choose ModSecurity group to use on this virtual host.</description>
+ <type>select_source</type>
+ <source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source>
+ <source_name>name</source_name>
+ <source_value>name</source_value>
+ <show_disable_value>none</show_disable_value>
+ </field>
+ <field>
+ <fielddescr><![CDATA[Manipulations]]></fielddescr>
+ <fieldname>modsecmanipulation</fieldname>
+ <description>Choose Modsecurity group to use on this virtual host.</description>
+ <type>select_source</type>
+ <source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source>
+ <source_name>name</source_name>
+ <source_value>name</source_value>
+ <show_disable_value>none</show_disable_value>
+ </field>
+ <field>
+ <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>&nbsp;&nbsp;Balancer options</a>]]></fielddescr>
+ <fieldname>options</fieldname>
+ <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
+ <type>input</type>
+ <size>30</size>
+ </field>
+ <field>
+ <name>Custom Location Options</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Custom Options</fielddescr>
+ <fieldname>custom</fieldname>
+ <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description>
+ <type>textarea</type>
+ <cols>90</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ <dontdisplayname/>
+ <usecolspan2/>
+ </field>
+ </fields>
+ <service>
+ <name>apache_mod_security</name>
+ <rcfile>apache_mod_security.sh</rcfile>
+ <executable>httpd</executable>
+ </service>
+ <custom_php_resync_config_command>
+ apache_mod_security_resync();
+ </custom_php_resync_config_command>
+ <include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
+</packagegui>
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index 1129af6d..31be95cf 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -211,7 +211,7 @@ function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $
return;
if(!$synctimeout)
- $synctimeout=250;
+ $synctimeout=25;
$xmlrpc_sync_neighbor = $sync_to_ip;
if($config['system']['webgui']['protocol'] != "") {
@@ -472,19 +472,8 @@ function generate_apache_configuration() {
//chroot apache http://forums.freebsd.org/showthread.php?t=6858
if (is_array($config['installedpackages']['apachemodsecuritygroups'])){
unset($mods_group);
- $i=0;
- $write_config=0;
foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){
//RULES_DIRECTORY
- $mods_group[$mods_groups['name']]="Include ".RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf\n";
- if ($mods_groups['crs10']==""){
- if (file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){
- $config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example'));
- $write_config++;
- }
- }
- file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX);
-
foreach (split(",",$mods_groups['baserules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n";
}
@@ -497,10 +486,7 @@ function generate_apache_configuration() {
foreach (split(",",$mods_groups['experimentalrules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n";
}
- $i++;
}
- if ($write_config > 0)
- write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}");
}
//print "<PRE>";
//var_dump($mods_group);
@@ -508,8 +494,20 @@ function generate_apache_configuration() {
//mod_security settings
if (is_array($config['installedpackages']['apachemodsecuritysettings'])){
$mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0];
- }
-
+
+ if ($mods_settings['crs10']=="" && file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){
+ $config['installedpackages']['apachemodsecuritysettings']['config'][0]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example'));
+ write_config("modsecurity - Load crs 10 default setup file.");
+ }
+
+ $cr10_setup="Include ".RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf\n";
+ file_put_contents(RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][0]['crs10']),LOCK_EX);
+ }
+ // create location(s) array
+ if (is_array($config['installedpackages']['apachelocation'])){
+ foreach ($config['installedpackages']['apachelocation']['config'] as $location)
+ $apache_location[$location['name']]=$location;
+ }
//configure virtual hosts
$namevirtualhosts=array();
$namevirtualhosts[0]=$global_listen;
@@ -581,8 +579,10 @@ EOF;
$vh_config.= apache_textarea_decode($virtualhost['custom'])."\n\n";
#Check virtualhost locations
- foreach ($virtualhost['row'] as $backend){
- if ($backend['balancer'] != "none"){
+ foreach ($virtualhost['row'] as $be){
+ if ($be['location'] != "none"){
+ $backend=$apache_location[$be['location']];
+ $vh_config.="# {$backend['name']}\n";
$vh_config.=" <Location ".($backend['sitepath'] ? $backend['sitepath'] : "/").">\n";
$vh_config.=" ProxyPass balancer://{$backend['balancer']}{$backend['backendpath']}\n";
$vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n";
@@ -713,7 +713,6 @@ EOF;
$extendedstatus="ExtendedStatus On";
}
$mod_status .= <<<EOF
- $mod_status .= <<<EOF
{$extendedstatus}
<Location /server-status>
SetHandler server-status
diff --git a/config/apache_mod_security-dev/apache_mod_security_groups.xml b/config/apache_mod_security-dev/apache_mod_security_groups.xml
index c4651f45..4775fb3c 100644
--- a/config/apache_mod_security-dev/apache_mod_security_groups.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_groups.xml
@@ -191,36 +191,6 @@
</options>
</field>
<field>
- <name>mod_security crs 10 setup</name>
- <type>listtopic</type>
- </field>
- <field>
- <fielddescr>mod_security crs 10 setup</fielddescr>
- <fieldname>crs10</fieldname>
- <dontdisplayname/>
- <usecolspan2/>
- <description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>15</rows>
- <cols>90</cols>
- </field>
- <field>
- <name>Custom mod_security ErrorDocument</name>
- <type>listtopic</type>
- </field>
- <field>
- <fielddescr>Custom mod_security ErrorDocument</fielddescr>
- <fieldname>errordocument</fieldname>
- <dontdisplayname/>
- <usecolspan2/>
- <description>Custom mod_security ErrorDocument.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>10</rows>
- <cols>90</cols>
- </field>
- <field>
<name>Custom mod_security rules</name>
<type>listtopic</type>
</field>
diff --git a/config/apache_mod_security-dev/apache_mod_security_settings.xml b/config/apache_mod_security-dev/apache_mod_security_settings.xml
index 68581687..bbc7da4a 100644
--- a/config/apache_mod_security-dev/apache_mod_security_settings.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_settings.xml
@@ -123,6 +123,36 @@
<size>10</size>
</field>
<field>
+ <name>mod_security crs 10 setup</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>mod_security crs 10 setup</fielddescr>
+ <fieldname>crs10</fieldname>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>15</rows>
+ <cols>90</cols>
+ </field>
+ <field>
+ <name>Custom mod_security ErrorDocument</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Custom mod_security ErrorDocument</fielddescr>
+ <fieldname>errordocument</fieldname>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <description>Custom mod_security ErrorDocument.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>10</rows>
+ <cols>90</cols>
+ </field>
+ <field>
<name>Modsecurity addons</name>
<type>listtopic</type>
</field>
diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml
index 3e1c0a9c..7ecfb68e 100755
--- a/config/apache_mod_security-dev/apache_mod_security_sync.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml
@@ -86,11 +86,11 @@
<required/>
<default_value>250</default_value>
<options>
- <option><name>250 seconds(Default)</name><value>250</value></option>
- <option><name>120 seconds</name><value>120</value></option>
- <option><name>90 seconds</name><value>90</value></option>
+ <option><name>30 seconds(Default)</name><value>30</value></option>
<option><name>60 seconds</name><value>60</value></option>
- <option><name>30 seconds</name><value>30</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>250 seconds</name><value>250</value></option>
</options>
</field>
<field>
diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml
index 14415362..1dd4bc78 100644
--- a/config/apache_mod_security-dev/apache_settings.xml
+++ b/config/apache_mod_security-dev/apache_settings.xml
@@ -68,6 +68,11 @@
<tab_level>2</tab_level>
</tab>
<tab>
+ <text>Location(s)</text>
+ <url>/pkg.php?xml=apache_location.xml</url>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
<text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
@@ -88,6 +93,7 @@
<fieldname>globalsiteadminemail</fieldname>
<description>Enter the site administrators e-mail address</description>
<type>input</type>
+ <size>25</size>
</field>
<field>
<fielddescr>Server hostname</fielddescr>
@@ -97,6 +103,7 @@
NOTE: Leave blank to use this devices hostname.]]>
</description>
<type>input</type>
+ <size>25</size>
</field>
<field>
<fielddescr>Default Bind to IP Address</fielddescr>
diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php
index 494f37cd..10bb1db6 100644
--- a/config/apache_mod_security-dev/apache_view_logs.php
+++ b/config/apache_mod_security-dev/apache_view_logs.php
@@ -106,6 +106,7 @@ function showLog(content,url,logtype)
unset ($tab_array);
$tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml");
$tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml");
+ $tab_array[] = array(gettext("Location(s)"), false, "/pkg.php?xml=apache_location.xml");
$tab_array[] = array(gettext("Virtual Hosts"), false, "/pkg.php?xml=apache_virtualhost.xml");
$tab_array[] = array(gettext("Logs"), true, "/apache_view_logs.php");
display_top_tabs($tab_array);
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index 53478721..747ef975 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -119,6 +119,11 @@
<chmod>0755</chmod>
<item>http://www.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml</item>
+ </additional_files_needed>
<tabs>
<tab>
<text>Apache</text>
@@ -144,6 +149,11 @@
<tab_level>2</tab_level>
</tab>
<tab>
+ <text>Location(s)</text>
+ <url>/pkg.php?xml=apache_location.xml</url>
+ <tab_level>2</tab_level>
+ </tab>
+ <tab>
<text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
@@ -257,7 +267,7 @@
<show_disable_value>none</show_disable_value>
</field>
<field>
- <fielddescr>intermediate CA certificate(optional)</fielddescr>
+ <fielddescr>Intermediate CA certificate (optional)</fielddescr>
<fieldname>reverse_int_ca</fieldname>
<description>Select intermediate CA assigned to certificate. Not all certificates require this.</description>
<type>select_source</type>
@@ -267,100 +277,21 @@
<show_disable_value>none</show_disable_value>
</field>
<field>
- <name><![CDATA[Location(s)]]></name>
- <type>listtopic</type>
- </field>
- <field>
<fielddescr>
<![CDATA[Location(s)]]>
</fielddescr>
<fieldname>locations</fieldname>
<type>rowhelper</type>
- <dontdisplayname/>
- <usecolspan2/>
- <movable>on</movable>
<rowhelper>
<rowhelperfield>
- <fielddescr><![CDATA[gzip?]]></fielddescr>
- <fieldname>compress</fieldname>
- <description>Compress data to save bandwidth?</description>
- <type>select</type>
- <options>
- <option><name>yes</name><value>yes</value></option>
- <option><name>no</name><value>no</value></option>
- </options>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr><![CDATA[Site Path]]></fielddescr>
- <fieldname>sitepath</fieldname>
- <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
- <type>input</type>
- <size>12</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr><![CDATA[Balancer]]></fielddescr>
- <fieldname>balancer</fieldname>
- <description>Server balancer / pool</description>
- <source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source>
- <source_name>name</source_name>
- <source_value>name</source_value>
- <show_disable_value>none</show_disable_value>
- <type>select_source</type>
- <size>5</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr>
- <fieldname>lbmethod</fieldname>
- <description>Server balance method</description>
- <type>select</type>
- <options>
- <option><name>byrequests</name><value>byrequests</value></option>
- <option><name>bytraffic</name><value>bytraffic</value></option>
- <option><name>bybusyness</name><value>bybusyness</value></option>
- </options>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Backend Path</fielddescr>
- <fieldname>backendpath</fieldname>
- <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
- <type>input</type>
- <size>12</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr><![CDATA[ModSecurity]]></fielddescr>
- <fieldname>modsecgroup</fieldname>
- <description>Choose ModSecurity group to use on this virtual host.</description>
- <type>select_source</type>
- <source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source>
+ <fielddescr><![CDATA[Location]]></fielddescr>
+ <fieldname>location</fieldname>
+ <description>Server Location</description>
+ <source><![CDATA[$config['installedpackages']['apachelocation']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
<show_disable_value>none</show_disable_value>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr><![CDATA[Manipulations]]></fielddescr>
- <fieldname>modsecmanipulation</fieldname>
- <description>Choose Modsecurity group to use on this virtual host.</description>
<type>select_source</type>
- <source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source>
- <source_name>name</source_name>
- <source_value>name</source_value>
- <show_disable_value>none</show_disable_value>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>&nbsp;&nbsp;Balancer options</a>]]></fielddescr>
- <fieldname>options</fieldname>
- <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
- <type>input</type>
- <size>11</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Location Custom Settings</fielddescr>
- <fieldname>custom</fieldname>
- <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description>
- <type>textarea</type>
- <cols>65</cols>
- <rows>10</rows>
- <encoding>base64</encoding>
</rowhelperfield>
</rowhelper>
</field>