diff options
Diffstat (limited to 'config/apache_mod_security/apache_mod_security.inc')
-rw-r--r-- | config/apache_mod_security/apache_mod_security.inc | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc index c45f426d..eee5af4c 100644 --- a/config/apache_mod_security/apache_mod_security.inc +++ b/config/apache_mod_security/apache_mod_security.inc @@ -36,7 +36,7 @@ conf_mount_rw(); // Needed mod_security directories if(!is_dir("/usr/local/apachemodsecurity")) safe_mkdir("/usr/local/apachemodsecurity"); -if(!is_dir("/usr/local/apachemodsecurity")) +if(!is_dir("/usr/local/apachemodsecurity/rules")) safe_mkdir("/usr/local/apachemodsecurity/rules"); // Startup function @@ -166,7 +166,25 @@ function generate_apache_configuration() { safe_mkdir("/var/db/apachemodsecuritycache"); $cache_root .= "CacheRoot /var/db/apachemodsecuritycache\n"; } - + + // SecRequestBodyInMemoryLimit Directive + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodyinmemorylimit']) + $secrequestbodyinmemorylimit = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodyinmemorylimit']; + else + $secrequestbodyinmemorylimit = "131072"; + + // SecRequestBodyLimit + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodylimit']) + $secrequestbodylimit = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodylimit']; + else + $secrequestbodylimit = "10485760"; + + // SecAuditEngine + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secauditengine']) + $secauditengine = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secauditengine']; + else + $secauditengine = "RelevantOnly"; + $mod_proxy .= <<<EOF # Off when using ProxyPass @@ -325,10 +343,9 @@ EOF; SecRuleEngine On SecRequestBodyAccess On SecResponseBodyAccess On - - # XXX Add knobs for these - SecRequestBodyInMemoryLimit 131072 - SecRequestBodyLimit 10485760 + + SecRequestBodyInMemoryLimit {$secrequestbodyinmemorylimit} + SecRequestBodyLimit {$secrequestbodylimit} {$mod_security_custom} @@ -339,11 +356,10 @@ EOF; SecUploadDir /var/spool/apache/private SecUploadKeepFiles Off - # XXX Add knobs for these # The audit engine works independently and # can be turned On of Off on the per-server or # on the per-directory basis - SecAuditEngine RelevantOnly + SecAuditEngine {$secauditengine} # XXX Add knobs for these # Make sure that URL encoding is valid @@ -373,8 +389,8 @@ EOF; EOF; - } + $apache_config = <<<EOF ################################################################################## # NOTE: This file was generated by the pfSense package management system. # |