diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/apache_mod_security/apache_mod_security.inc | 111 |
1 files changed, 93 insertions, 18 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc index 2f533b0d..0a323701 100644 --- a/config/apache_mod_security/apache_mod_security.inc +++ b/config/apache_mod_security/apache_mod_security.inc @@ -1,27 +1,97 @@ <?php +/* + apache_mod_security.inc + part of the apache_mod_security package for pfSense + Copyright (C) 2009 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ if(!is_dir("/usr/local/apachemodsecurity")) { safe_mkdir("/usr/local/apachemodsecurity"); conf_mount_rw(); } +function apache_mod_security_start() { + exec("/usr/local/sbin/httpd"); +} + +function apache_mod_security_stop() { + exec("/usr/bin/killall httpd"); +} + +function apache_mod_security_restart() { + apache_mod_security_stop(); + apache_mod_security_start(); +} + function apache_mod_security_install() { global $config, $g; + + $filename = "apache_mod_security.sh"; + + $start = "php -q -d auto_prepend_file=config.inc <<ENDPHP + <?php + require_once(\"functions.inc\"); + require_once(\"/usr/local/pkg/apache_mod_security.inc\"); + apache_mod_security_start(); + ?> + ENDPHP\n"; + + $stop = "php -q -d auto_prepend_file=config.inc <<ENDPHP + <?php + require_once(\"functions.inc\"); + require_once(\"/usr/local/pkg/apache_mod_security.inc\"); + apache_mod_security_stop(); + ?> + ENDPHP\n"; + + write_rcfile(array( + "file" => $filename, + "start" => $start, + "stop" => $stop + ) + ); + } function apache_mod_security_deinstall() { global $config, $g; - exec("rm -rf /usr/local/apachemodsecurity"); + exec("/bin/rm -rf /usr/local/apachemodsecurity"); + exec("/bin/rm -f /usr/local/etc/rc.d/apache_mod_security.sh"); } +// Regenerate apache configuration and handle server restart function apache_mod_security_resync() { global $config, $g; generate_apache_configuration(); + apache_mod_security_restart(); } // Generate mod_proxy specific configuration function generate_apache_configuration() { global $config, $g; + $mod_proxy = ""; // Set global site e-mail if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalsiteadminemail']) { @@ -53,29 +123,30 @@ function generate_apache_configuration() { $global_listen .= ":80"; } + // Setup mem_cache + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache']) { + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache_size']) + $mcachesize = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache_size']; + else + $mcachesize = "100"; + $mem_cache = "MCacheSize $mcachesize\n"; + } - - // XXX The maximum amount of memory used by the cache in KBytes - //MCacheSize 700000 // CacheRoot Directive - // CacheRoot /var/apache_mod_security_cache - // htcacheclean can be used to maintain the cache size at a maximum level. - // XXX - - - - // Syntax:ProxyPreserveHost On|Off ? - $mod_proxy = "ProxyRequests on\n"; - - $mod_proxy = <<<EOF + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_disk_cache']) { + safe_mkdir("/var/db/apachemodsecuritycache"); + $cache_root .= "CacheRoot /var/db/apachemodsecuritycache\n"; + } + + $mod_proxy .= <<<EOF +// Off when using ProxyPass ProxyRequests off <Proxy *> Order deny,allow Allow from all -</Proxy> - +</Proxy> EOF; @@ -186,6 +257,8 @@ EOF; SecRequestBodyInMemoryLimit 131072 SecRequestBodyLimit 10485760 + {$mod_security_custom} + SecResponseBodyMimeTypesClear SecResponseBodyMimeType (null) text/plain text/html text/css text/xml @@ -294,8 +367,6 @@ EOF; #phpMyAdmin path vln SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc" - {$mod_security_custom} - </IfModule> EOF; @@ -774,6 +845,10 @@ SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> +# Cache settings +{$mem_cache} +{$cache_root} + # Mod security {$mod_security} |