From ecd23b84d355e7f05d2d14b1b7747b08ca02da03 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Thu, 14 Nov 2013 02:28:17 -0200 Subject: apache-modsecurity-dev - add a location tab to apache menus to fix custom location options display move modsecurity crs_10_setup to module option tab Backup your location config before updating form 0.2.x to 0.3 package version --- config/apache_mod_security-dev/apache_balancer.xml | 5 + .../apache_edit_virtualhost_location.php | 205 ------------------ config/apache_mod_security-dev/apache_location.xml | 237 +++++++++++++++++++++ .../apache_mod_security.inc | 38 ++-- .../apache_mod_security_groups.xml | 30 --- .../apache_mod_security_settings.xml | 30 +++ .../apache_mod_security_sync.xml | 8 +- config/apache_mod_security-dev/apache_settings.xml | 7 + .../apache_mod_security-dev/apache_view_logs.php | 1 + .../apache_mod_security-dev/apache_virtualhost.xml | 97 ++------- pkg_config.8.xml | 7 +- pkg_config.8.xml.amd64 | 7 +- 12 files changed, 326 insertions(+), 346 deletions(-) delete mode 100644 config/apache_mod_security-dev/apache_edit_virtualhost_location.php create mode 100644 config/apache_mod_security-dev/apache_location.xml diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index 7cb9774b..015da143 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -74,6 +74,11 @@ 2 + + Location(s) + /pkg.php?xml=apache_location.xml + 2 + Virtual Hosts /pkg.php?xml=apache_virtualhost.xml diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php deleted file mode 100644 index 5448f850..00000000 --- a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php +++ /dev/null @@ -1,205 +0,0 @@ - - Copyright (C) 2012 Marcello Coutinho - Copyright (C) 2012 Carlos Cesario - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -require_once("/etc/inc/util.inc"); -require_once("/etc/inc/functions.inc"); -require_once("/etc/inc/pkg-utils.inc"); -require_once("/etc/inc/globals.inc"); -require_once("guiconfig.inc"); -require_once("apache_mod_security.inc"); - -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) - $one_two = true; - -$pgtitle = "Apache reverse proxy: Apache VirtualHost Location"; - -$virtualhost_id = $_GET['virtualhost_id']; -if (isset($_POST['virtualhost_id'])) - $virtualhost_id = $_POST['virtualhost_id']; - -$backend_id = $_GET['backend_id']; -if (isset($_POST['backend_id'])) - $backend_id = $_POST['backend_id']; - -if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id])) - $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]; -if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id])) - $backend = &$virtualhost['row'][$backend_id]; - -/* - * Not having a virtualhost->backend entry means we can't do this. - */ -if (! $backend) { - $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist."); -} - - -if ($_POST) { - unset($input_errors); - - /* - * Check for a valid expirationdate if one is set at all (valid means, - * DateTime puts out a time stamp so any DateTime compatible time - * format may be used. to keep it simple for the enduser, we only - * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs - * like "+1 day", which will be converted to MM/DD/YYYY based on "now". - * Otherwhise such an entry would lead to an invalid expiration data. - */ - if ($_POST['expires']) { - try { - $expdate = new DateTime($_POST['expires']); - //convert from any DateTime compatible date to MM/DD/YYYY - $_POST['expires'] = $expdate->format("m/d/Y"); - } catch ( Exception $ex ) { - $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); - } - } - - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } - - if (!$input_errors) { - if ($_POST['custom']) - $backend['custom'] = base64_encode($_POST['custom']); - else - unset($backend['custom']); - - write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'"); - apache_mod_security_resync(); - pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}"); - } -} - -include("head.inc"); -?> - - - - - - -

- - - - - -
- - - - -
- -
- -
-
- - - - - - - - - - - - - - - - - - - -
Primary Site Hostname - - - -
Current Site Path - - - -
- -
- - - -
  - - - - - - - " /> - " onclick="history.back()" /> -
-
-
-
- - - - - - diff --git a/config/apache_mod_security-dev/apache_location.xml b/config/apache_mod_security-dev/apache_location.xml new file mode 100644 index 00000000..315cca4c --- /dev/null +++ b/config/apache_mod_security-dev/apache_location.xml @@ -0,0 +1,237 @@ + + + + + + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]> + + apachelocation + 1.0 + Apache reverse proxy: Locations + + + + Apache + /pkg_edit.php?xml=apache_settings.xml&id=0 + + + + ModSecurity + /pkg_edit.php?xml=apache_mod_security_settings.xml + + + Sync + /pkg_edit.php?xml=apache_mod_security_sync.xml + + + Daemon Options + /pkg_edit.php?xml=apache_settings.xml + 2 + + + Backends / Balancers + /pkg.php?xml=apache_balancer.xml + 2 + + + Location(s) + /pkg.php?xml=apache_location.xml + + 2 + + + Virtual Hosts + /pkg.php?xml=apache_virtualhost.xml + 2 + + + Logs + /apache_view_logs.php + 2 + + + + on + + Identifier + name + + + Compress + compress + + + Site Path + sitepath + / + + + Balancer + balancer + + + lbmethod + lbmethod + + + Backendpath + backendpath + / + + + Modsecurity + modsecgroup + None + + + Rule Manipulation + modsecmanipulation + None + + + + + Location Settings + listtopic + + + + name + + input + + 20 + + + + compress + Compress data to save bandwidth? + select + + + + + + + + sitepath + leave blank to use /]]> + input + 30 + + + + balancer + Server balancer / pool + + name + name + none + select_source + 5 + + + LB Method]]> + lbmethod + Server balance method + select + + + + + + + + Backend Path + backendpath + Leave blank to use /]]> + input + 30 + + + + modsecgroup + Choose ModSecurity group to use on this virtual host. + select_source + + name + name + none + + + + modsecmanipulation + Choose Modsecurity group to use on this virtual host. + select_source + + name + name + none + + +   Balancer options]]> + options + ex: ttl=60 stickysession='JSESSIONID']]> + input + 30 + + + Custom Location Options + listtopic + + + Custom Options + custom + + textarea + 90 + 10 + base64 + + + + + + apache_mod_security + apache_mod_security.sh + httpd + + + apache_mod_security_resync(); + + /usr/local/pkg/apache_mod_security.inc + diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 1129af6d..c58210dc 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -211,7 +211,7 @@ function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $ return; if(!$synctimeout) - $synctimeout=250; + $synctimeout=25; $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { @@ -472,19 +472,8 @@ function generate_apache_configuration() { //chroot apache http://forums.freebsd.org/showthread.php?t=6858 if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ unset($mods_group); - $i=0; - $write_config=0; foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){ //RULES_DIRECTORY - $mods_group[$mods_groups['name']]="Include ".RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf\n"; - if ($mods_groups['crs10']==""){ - if (file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){ - $config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')); - $write_config++; - } - } - file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX); - foreach (split(",",$mods_groups['baserules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; } @@ -497,10 +486,7 @@ function generate_apache_configuration() { foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; } - $i++; } - if ($write_config > 0) - write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}"); } //print "
";
 	//var_dump($mods_group);
@@ -508,8 +494,20 @@ function generate_apache_configuration() {
 	//mod_security settings
 	if (is_array($config['installedpackages']['apachemodsecuritysettings'])){
 		$mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0];
-	}
-		
+	
+		if ($mods_settings['crs10']=="" && file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){
+			$config['installedpackages']['apachemodsecuritysettings']['config'][0]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example'));
+			write_config("modsecurity - Load crs 10 default setup file.");
+			}
+			
+		$cr10_setup="Include ".RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf\n";
+		file_put_contents(RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][0]['crs10']),LOCK_EX);
+		}
+	// create location(s) array
+	if (is_array($config['installedpackages']['apachelocation'])){
+		foreach ($config['installedpackages']['apachelocation']['config'] as $location)
+			$apache_location[$location['name']]=$location;
+		}
 	//configure virtual hosts
 	$namevirtualhosts=array();
 	$namevirtualhosts[0]=$global_listen;
@@ -581,8 +579,9 @@ EOF;
 				$vh_config.= apache_textarea_decode($virtualhost['custom'])."\n\n";
 
 				#Check virtualhost locations
-				foreach ($virtualhost['row'] as $backend){
-					if ($backend['balancer'] != "none"){
+				foreach ($virtualhost['row'] as $be){
+					if ($be['location'] != "none"){
+						$backend=$apache_location[$be['location']];
 						$vh_config.=" \n";
 						$vh_config.="  ProxyPass        balancer://{$backend['balancer']}{$backend['backendpath']}\n";
 						$vh_config.="  ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n";
@@ -713,7 +712,6 @@ EOF;
 			$extendedstatus="ExtendedStatus On";
 		}
 		$mod_status .= <<
 	SetHandler server-status
diff --git a/config/apache_mod_security-dev/apache_mod_security_groups.xml b/config/apache_mod_security-dev/apache_mod_security_groups.xml
index c4651f45..4775fb3c 100644
--- a/config/apache_mod_security-dev/apache_mod_security_groups.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_groups.xml
@@ -190,36 +190,6 @@
 			    
 			
 		
-		
-			mod_security crs 10 setup
-			listtopic
-		
-		
-			mod_security crs 10 setup
-			crs10
-			
-			
-			modsecurity_crs_10_setup.conf file.
Leave empty to load setup defaults.]]>
-			textarea
-			base64
-			15
-			90
-		
-		
-			Custom mod_security ErrorDocument
-			listtopic
-		
-		
-			Custom mod_security ErrorDocument
-			errordocument
-			
-			
-			Custom mod_security ErrorDocument.
-			textarea
-			base64
-		      	10
-		      	90
-		
 		
 			Custom mod_security rules
 			listtopic
diff --git a/config/apache_mod_security-dev/apache_mod_security_settings.xml b/config/apache_mod_security-dev/apache_mod_security_settings.xml
index 68581687..bbc7da4a 100644
--- a/config/apache_mod_security-dev/apache_mod_security_settings.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_settings.xml
@@ -122,6 +122,36 @@
 			input
 			10
 		
+		
+			mod_security crs 10 setup
+			listtopic
+		
+		
+			mod_security crs 10 setup
+			crs10
+			
+			
+			modsecurity_crs_10_setup.conf file.
Leave empty to load setup defaults.]]>
+			textarea
+			base64
+			15
+			90
+		
+		
+			Custom mod_security ErrorDocument
+			listtopic
+		
+		
+			Custom mod_security ErrorDocument
+			errordocument
+			
+			
+			Custom mod_security ErrorDocument.
+			textarea
+			base64
+		      	10
+		      	90
+		
 		
 			Modsecurity addons
 			listtopic
diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml
index 3e1c0a9c..7ecfb68e 100755
--- a/config/apache_mod_security-dev/apache_mod_security_sync.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml
@@ -86,11 +86,11 @@
 			
 			250
 			
-				
-				
-				
+				
 				
-				
+				
+				
+				
 			
 		
 		
diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml
index 14415362..1dd4bc78 100644
--- a/config/apache_mod_security-dev/apache_settings.xml
+++ b/config/apache_mod_security-dev/apache_settings.xml
@@ -67,6 +67,11 @@
 			/pkg.php?xml=apache_balancer.xml
 			2
 		
+		
+			Location(s)
+			/pkg.php?xml=apache_location.xml
+			2
+		
 		
 			Virtual Hosts
 			/pkg.php?xml=apache_virtualhost.xml
@@ -88,6 +93,7 @@
 			globalsiteadminemail
 			Enter the site administrators e-mail address
 			input
+			25
 		
 		
 			Server hostname
@@ -97,6 +103,7 @@
 					NOTE: Leave blank to use this devices hostname.]]>
 			
 			input
+			25
 		
 		
 			Default Bind to IP Address
diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php
index 494f37cd..10bb1db6 100644
--- a/config/apache_mod_security-dev/apache_view_logs.php
+++ b/config/apache_mod_security-dev/apache_view_logs.php
@@ -106,6 +106,7 @@ function showLog(content,url,logtype)
 				unset ($tab_array);
 				$tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml");
 				$tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml");
+				$tab_array[] = array(gettext("Location(s)"), false, "/pkg.php?xml=apache_location.xml");
 				$tab_array[] = array(gettext("Virtual Hosts"), false, "/pkg.php?xml=apache_virtualhost.xml");
 				$tab_array[] = array(gettext("Logs"), true, "/apache_view_logs.php");
 				display_top_tabs($tab_array);
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index 53478721..c2c4837b 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -119,6 +119,11 @@
 		0755
 		http://www.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc
 	
+	
+		/usr/local/pkg/
+		0755
+		http://www.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml
+	
 	
 		
 			Apache
@@ -143,6 +148,11 @@
 			/pkg.php?xml=apache_balancer.xml
 			2
 		
+		
+			Location(s)
+			/pkg.php?xml=apache_location.xml
+			2
+		
 		
 			Virtual Hosts
 			/pkg.php?xml=apache_virtualhost.xml
@@ -266,101 +276,22 @@
 			refid
 			none
 		
-		
-			
-			listtopic
-		
 		
 			
 				
 			
 			locations
 			rowhelper
-			
-			
-			on
 			
 				
-					
-					compress
-					Compress data to save bandwidth?
-				   	select			
-					
-					
-					
-					
-				
-				
-					
-					sitepath
-					leave blank to use /]]>
-					input
-					12
-				
-				
-					
-					balancer
-					Server balancer / pool
-					
-					name
-					name
-					none
-					select_source
-					5
-				
-				
-					LB Method]]>
-					lbmethod
-					Server balance method
-					select
-					
-						
-						
-						
-					
-				
-				
-					Backend Path
-					backendpath
-					Leave blank to use /]]>
-					input
-					12
-				
-				
-					
-					modsecgroup
-					Choose ModSecurity group to use on this virtual host.
-					select_source
-					
+					
+					Location
+					Server locatino
+					
 					name
 					name
 					none
-				
-				
-					
-					modsecmanipulation
-					Choose Modsecurity group to use on this virtual host.
 					select_source
-					
-					name
-					name
-					none
-				
-				
-					  Balancer options]]>
-					options
-					ex: ttl=60 stickysession='JSESSIONID']]>
-					input
-					11
-				
-				
-					Location Custom Settings
-					custom
-					
-					textarea
-					65
-					10
-					base64
 				
 			
 		
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 4d5015f1..2da68336 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -212,9 +212,12 @@
 		Apache with mod_security-dev
 		http://doc.pfsense.org/index.php/ProxyServerModSecurity_package
 		http://www.modsecurity.org/
-		ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.
+		
+				It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

+				In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.

+				Backup your location config before updating form 0.2.x to 0.3 package version.]]>
 		Network Management
-		2.2.23 pkg v0.2.4
+		2.2.23 pkg v0.3
 		ALPHA
 		2.0
 		http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index cfb81e59..54e0ea0f 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -199,9 +199,12 @@
 		Apache with mod_security-dev
 		http://doc.pfsense.org/index.php/ProxyServerModSecurity_package
 		http://www.modsecurity.org/
-		ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.
+		
+			It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

+			In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.

+			Backup your location config before updating form 0.2.x to 0.3 package version.]]>
 		Network Management
-		2.2.23 pkg v0.2.4
+		2.2.23 pkg v0.3
 		ALPHA
 		2.0
 		http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml
-- 
cgit v1.2.3


From cbc1ba10d307df94cd619f11d1ce455a0d8e43e9 Mon Sep 17 00:00:00 2001
From: jim-p 
Date: Thu, 14 Nov 2013 12:55:37 -0500
Subject: Missed this file in the previous commit.

---
 .../openvpn-client-export/vpn_openvpn_export.php   | 34 +++++++++++++---------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index f0bcbee2..44744832 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -138,7 +138,7 @@ if (!empty($act)) {
 	$advancedoptions = $_GET['advancedoptions'];
 	$openvpnmanager = $_GET['openvpnmanager'];
 
-	$quoteservercn = $_GET['quoteservercn'];
+	$verifyservercn = $_GET['verifyservercn'];
 	$usetoken = $_GET['usetoken'];
 	if ($usetoken && (substr($act, 0, 10) == "confinline"))
 		$input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
@@ -213,17 +213,17 @@ if (!empty($act)) {
 				$exp_name = urlencode($exp_name."-config.ovpn");
 				$expformat = "baseconf";
 		}
-		$exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
+		$exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
 	}
 
 	if($act == "visc") {
 		$exp_name = urlencode($exp_name."-Viscosity.visc.zip");
-		$exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
+		$exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
 	}
 
 	if(substr($act, 0, 4) == "inst") {
 		$exp_name = urlencode($exp_name."-install.exe");
-		$exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5));
+		$exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5));
 	}
 
 	if (!$exp_path) {
@@ -304,9 +304,9 @@ function download_begin(act, i, j) {
 
 	advancedoptions = document.getElementById("advancedoptions").value;
 
-	var quoteservercn = 0;
-	if (document.getElementById("quoteservercn").checked)
-		quoteservercn = 1;
+	var verifyservercn;
+	verifyservercn = document.getElementById("verifyservercn").value;
+
 	var usetoken = 0;
 	if (document.getElementById("usetoken").checked)
 		usetoken = 1;
@@ -380,7 +380,7 @@ function download_begin(act, i, j) {
 		dlurl += "&crtid=" + escape(certs[j][0]);
 	}
 	dlurl += "&useaddr=" + escape(useaddr);
-	dlurl += ""eservercn=" + escape(quoteservercn);
+	dlurl += "&verifyservercn=" + escape(verifyservercn);
 	dlurl += "&openvpnmanager=" + escape(openvpnmanager);
 	dlurl += "&usetoken=" + escape(usetoken);
 	if (usepass)
@@ -619,16 +619,22 @@ function useproxy_changed(obj) {
 						
 					
 					
-						Quote Server CN
+						Verify Server CN
 						
-							
+							

-									
-- 
cgit v1.2.3


From ff99cf6899b67e84d58a1cce4a584f1edc9664d3 Mon Sep 17 00:00:00 2001
From: jim-p 
Date: Thu, 14 Nov 2013 12:58:08 -0500
Subject: Bump version again

---
 config/openvpn-client-export/openvpn-client-export.xml | 2 +-
 pkg_config.8.xml                                       | 2 +-
 pkg_config.8.xml.amd64                                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index fa5ce6cf..4c0518b2 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,7 +1,7 @@
 
 
 	OpenVPN Client Export
-	1.2.1
+	1.2.2
 	OpenVPN Client Export
 	/usr/local/pkg/openvpn-client-export.inc
 	
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 2da68336..5cf60d43 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1466,7 +1466,7 @@
 		zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi
 		/usr/ports/archivers/p7zip
 		/usr/ports/archivers/zip
-		1.2.1
+		1.2.2
 		RELEASE
 		2.0
 		http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 54e0ea0f..2231dde3 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1453,7 +1453,7 @@
 		p7zip-9.20.1-amd64.pbi zip-3.0-amd64.pbi
 		/usr/ports/archivers/p7zip
 		/usr/ports/archivers/zip
-		1.2.1
+		1.2.2
 		RELEASE
 		2.0
 		http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml
-- 
cgit v1.2.3


From 850081cc50dc05336bfc837c75c8831a6e90399a Mon Sep 17 00:00:00 2001
From: "Danilo G. Baio (dbaio)" 
Date: Fri, 15 Nov 2013 09:51:44 -0200
Subject: sarg - fix default value (date_time_by)

---
 config/sarg/sarg.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc
index 59b7eb11..7495f3b0 100644
--- a/config/sarg/sarg.inc
+++ b/config/sarg/sarg.inc
@@ -272,6 +272,8 @@ function sync_package_sarg() {
 	$bytes_in_sites_users_report=(preg_match('/bytes_in_sites_users_report/',$sarg['report_options'])?"yes":"no");
 	$date_time_by=(preg_match('/date_time_by_bytes/',$sarg['report_options'])?"bytes":"");
 	$date_time_by.=(preg_match('/date_time_by_elap/',$sarg['report_options'])?" elap":"");
+	if($date_time_by == "")
+		$date_time_by="bytes";
 	$date_format=(preg_match("/\w/",$sarg['report_date_format'])?$sarg['report_date_format']:"u");
 	$report_type=preg_replace('/,/',' ',$sarg['report_type']);
 	$report_charset=(empty($sarg['report_charset'])?"UTF-8":$sarg['report_charset']);
-- 
cgit v1.2.3


From c73be282209c62d450d874ba5a358e1d1fd565ed Mon Sep 17 00:00:00 2001
From: "Danilo G. Baio (dbaio)" 
Date: Fri, 15 Nov 2013 10:13:37 -0200
Subject: sarg - using empty()

---
 config/sarg/sarg.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc
index 7495f3b0..1a4db315 100644
--- a/config/sarg/sarg.inc
+++ b/config/sarg/sarg.inc
@@ -272,7 +272,7 @@ function sync_package_sarg() {
 	$bytes_in_sites_users_report=(preg_match('/bytes_in_sites_users_report/',$sarg['report_options'])?"yes":"no");
 	$date_time_by=(preg_match('/date_time_by_bytes/',$sarg['report_options'])?"bytes":"");
 	$date_time_by.=(preg_match('/date_time_by_elap/',$sarg['report_options'])?" elap":"");
-	if($date_time_by == "")
+	if(empty($date_time_by))
 		$date_time_by="bytes";
 	$date_format=(preg_match("/\w/",$sarg['report_date_format'])?$sarg['report_date_format']:"u");
 	$report_type=preg_replace('/,/',' ',$sarg['report_type']);
-- 
cgit v1.2.3


From 0ab0ff3b0c13fbbb0864a97976dceba002b07251 Mon Sep 17 00:00:00 2001
From: jim-p 
Date: Fri, 15 Nov 2013 10:23:04 -0500
Subject: Fix this so it doesn't falsely toss an error if the server returns a
 different, but still OK, result than expected (e.g. if using Squid 3)

---
 config/lightsquid/sqstat.class.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/lightsquid/sqstat.class.php b/config/lightsquid/sqstat.class.php
index 228aecfe..03695a47 100644
--- a/config/lightsquid/sqstat.class.php
+++ b/config/lightsquid/sqstat.class.php
@@ -179,7 +179,8 @@ class squidstat{
 		}
 		fclose($this->fp);
 
-		if ($raw[0]!="HTTP/1.0 200 OK") {			$this->errorMsg(1, "Cannot get data. Server answered: $raw[0]");
+		if (!preg_match("/^HTTP.* 200 OK$/", $raw[0])) {
+			$this->errorMsg(1, "Cannot get data. Server answered: $raw[0]");
 			return false;
 		}
 
-- 
cgit v1.2.3


From 78ba67d63e6808adace9b8cf55253790042ad76a Mon Sep 17 00:00:00 2001
From: jim-p 
Date: Fri, 15 Nov 2013 10:25:36 -0500
Subject: Version bump for lightsquid

---
 pkg_config.8.xml       | 2 +-
 pkg_config.8.xml.amd64 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 5cf60d43..ad048cdb 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -707,7 +707,7 @@
 		High perfomance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.
 		http://lightsquid.sf.net/
 		Network Report
-		1.8.0 pkg v.2.32
+		1.8.0 pkg v.2.33
 		dv_serg@mail.ru
 		http://files.pfsense.org/packages/8/All/
 		lightsquid-1.8_2.tbz
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 2231dde3..8134bcd7 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -694,7 +694,7 @@
 		High perfomance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.
 		http://lightsquid.sf.net/
 		Network Report
-		1.8.2 pkg v.2.32
+		1.8.2 pkg v.2.33
 		dv_serg@mail.ru
 		http://files.pfsense.org/packages/amd64/8/All/
 		lightsquid-1.8_2.tbz
-- 
cgit v1.2.3


From e5297488b05578d1f903b38378a8b107884b28fc Mon Sep 17 00:00:00 2001
From: timdufrane 
Date: Mon, 18 Nov 2013 08:45:03 -0500
Subject: Add syslog capability

---
 config/dansguardian/dansguardian.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 12c2af93..7f8f2cca 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -231,6 +231,7 @@ function sync_package_dansguardian($via_rpc="no",$install_process=false) {
 	$nologger=(preg_match('/nologger/',$dansguardian_log['logging_options'])?"on":"off");
 	$logadblocks=(preg_match('/logadblocks/',$dansguardian_log['logging_options'])?"on":"off");
 	$anonymizelogs=(preg_match('/anonymizelogs/',$dansguardian_log['logging_options'])?"on":"off");
+	$logsyslog=(preg_match('/logsyslog/',$dansguardian_log['logging_options'])?"on":"off");
 
 	$loglevel=($dansguardian_log['loglevel']?$dansguardian_log['loglevel']:"2");
 	$logexceptionhits=($dansguardian_log['logexceptionhits']?$dansguardian_log['logexceptionhits']:"2");
-- 
cgit v1.2.3


From e503cf5272a69a58f3da62239464f166a0120081 Mon Sep 17 00:00:00 2001
From: timdufrane 
Date: Mon, 18 Nov 2013 08:45:48 -0500
Subject: Add syslog capability

---
 config/dansguardian/dansguardian_log.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml
index 88281dff..97cd5b0b 100644
--- a/config/dansguardian/dansguardian_log.xml
+++ b/config/dansguardian/dansguardian_log.xml
@@ -197,6 +197,7 @@
  				
  				
  				
+				
  				
  				
  				6
-- 
cgit v1.2.3


From 175f18fd8f44c7d98ca1ad924393ee991ec13e42 Mon Sep 17 00:00:00 2001
From: timdufrane 
Date: Mon, 18 Nov 2013 08:58:00 -0500
Subject: Add syslog capability

---
 config/dansguardian/dansguardian.conf.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template
index ed514eca..a6bcee1c 100755
--- a/config/dansguardian/dansguardian.conf.template
+++ b/config/dansguardian/dansguardian.conf.template
@@ -90,7 +90,7 @@ anonymizelogs = {$anonymizelogs}
 #
 # Use syslog for access logging instead of logging to the file
 # at the defined or built-in "loglocation"
-#logsyslog = off
+logsyslog = {$logsyslog}
 
 # Log file location
 # 
-- 
cgit v1.2.3


From e4134a32be37cf52e1abcffa30b3f628b2b294a8 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho 
Date: Mon, 18 Nov 2013 20:07:53 -0200
Subject: squid3-dev - remove AUTH_SASL to avoid missing libs startup error.

---
 pkg_config.8.xml       | 2 +-
 pkg_config.8.xml.amd64 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index ad048cdb..8f13f1df 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1290,7 +1290,7 @@
 			www/squid33
 			www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules
 		
-		c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD
+		c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD
 		http://www.pfsense.org/packages/config/squid3/33/squid.xml
 		squid.xml
 		squid-3.3.8-i386.pbi
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 8134bcd7..155df196 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1277,7 +1277,7 @@
 			www/squid33
 			www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules
 		
-		c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI ECAP SNMP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD
+		c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI ECAP SNMP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD
 		http://www.pfsense.org/packages/config/squid3/33/squid.xml
 		squid.xml
 		squid-3.3.8-amd64.pbi
-- 
cgit v1.2.3


From 7ef52360d392376b8bdad729b8b628966cf009ec Mon Sep 17 00:00:00 2001
From: Marcello Coutinho 
Date: Tue, 19 Nov 2013 14:15:44 -0200
Subject: apache-modsecurity-dev - update apache compile options to 2.4

---
 pkg_config.8.xml       | 6 +++---
 pkg_config.8.xml.amd64 | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 8f13f1df..4de1fe19 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -217,7 +217,7 @@
 				In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.

 				Backup your location config before updating form 0.2.x to 0.3 package version.]]>
 		Network Management
-		2.2.23 pkg v0.3
+		2.4.6 pkg v0.3
 		ALPHA
 		2.0
 		http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -251,10 +251,10 @@
 		
 			proxy_mod_security
 			devel/gettext misc/help2man databases/db42 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment
-			www/apache22-worker-mpm
+			www/apache24
 			www/mod_security www/mod_memcache
 		
-		OPTIONS_UNSET=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG  MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION;mod_security_SET=MLOGC
+		apache24_UNSET=MPM_PREFORK MOST_DISABLED_MODULES PROXY_DISABLED_MODULES SESSION_DISABLED_MODULES;apache24_SET=MPM_EVENT MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC
 		Please visit the ProxyServer settings tab and set the service up so that it may be started.
 	
 	
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 155df196..d3f851a7 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -204,7 +204,7 @@
 			In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.

 			Backup your location config before updating form 0.2.x to 0.3 package version.]]>
 		Network Management
-		2.2.23 pkg v0.3
+		2.4.6 pkg v0.3
 		ALPHA
 		2.0
 		http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -238,10 +238,10 @@
 		
 			proxy_mod_security
 			devel/gettext misc/help2man databases/db42 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment
-			www/apache22-worker-mpm
+			www/apache24
 			www/mod_security www/mod_memcache
 		
-		OPTIONS_UNSET=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG  MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION;mod_security_SET=MLOGC
+		apache24_UNSET=MPM_PREFORK MOST_DISABLED_MODULES PROXY_DISABLED_MODULES SESSION_DISABLED_MODULES;apache24_SET=MPM_EVENT MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC
 		Please visit the ProxyServer settings tab and set the service up so that it may be started.
 	
 	
-- 
cgit v1.2.3


From 35bb5a21f1a46334717d1b1ca60c3981b96143b5 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho 
Date: Wed, 20 Nov 2013 14:38:10 -0200
Subject: apache-modsecurity - add SLOTMEM_SHM compile option to apache2.4

---
 pkg_config.8.xml       | 2 +-
 pkg_config.8.xml.amd64 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 4de1fe19..d581bfbd 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -254,7 +254,7 @@
 			www/apache24
 			www/mod_security www/mod_memcache
 		
-		apache24_UNSET=MPM_PREFORK MOST_DISABLED_MODULES PROXY_DISABLED_MODULES SESSION_DISABLED_MODULES;apache24_SET=MPM_EVENT MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC
+		apache24_UNSET=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC
 		Please visit the ProxyServer settings tab and set the service up so that it may be started.
 	
 	
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index d3f851a7..29ace26f 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -241,7 +241,7 @@
 			www/apache24
 			www/mod_security www/mod_memcache
 		
-		apache24_UNSET=MPM_PREFORK MOST_DISABLED_MODULES PROXY_DISABLED_MODULES SESSION_DISABLED_MODULES;apache24_SET=MPM_EVENT MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC
+		apache24_UNSET=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC
 		Please visit the ProxyServer settings tab and set the service up so that it may be started.
 	
 	
-- 
cgit v1.2.3


From 5bef115b26a557457594ee71975b46b83b3eb4a8 Mon Sep 17 00:00:00 2001
From: Stephane Lapie 
Date: Thu, 21 Nov 2013 12:28:55 +0900
Subject: Fixing presentation, typos and location selector

- Fixed presentation (capitalization mostly)
- Fixed a few typos
- Fixed fieldname in apache_virtualhost.xml for location referencing
- Add a comment to virtualhost config to identify locations
---
 config/apache_mod_security-dev/apache_balancer.xml | 22 +++++++++++-----------
 config/apache_mod_security-dev/apache_location.xml |  2 +-
 .../apache_mod_security.inc                        |  1 +
 .../apache_mod_security-dev/apache_virtualhost.xml |  6 +++---
 4 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml
index 015da143..5e02f9d4 100755
--- a/config/apache_mod_security-dev/apache_balancer.xml
+++ b/config/apache_mod_security-dev/apache_balancer.xml
@@ -112,20 +112,20 @@
 	
 	
 		
-			apache Reverse Peer Mappings
+			Apache Reverse Peer Mappings
 			listtopic
 		
 			
 			Enable
 			enable
-			If this field is checked, then this server poll will be available for virtual hosts config.
+			If this field is checked, then this server pool will be available for Virtual Hosts configuration.
 			checkbox
 		
 		
 			Balancer name
 			name
-			
-						example: www_site1]]>
+			
+						Example: www_site1]]>
 			input
 			20
 		
@@ -139,7 +139,7 @@
 		
 			Protocol
 			proto
-			
+			
 			select
 			
 				
@@ -161,40 +161,40 @@
 				
 					FQDN or IP Address
 					host
-					Internal site IP or Hostnamesite
+					Internal site IP or site hostname
 					input
 					27
 				
 				
-					port
+					Port
 					port
 					Internal site port
 					input
 					5
 				
 				
-					routeid
+					Route ID
 					routeid
 					ID to define sticky connections
 					input
 					6
 				
 				
-					weight
+					Weight
 					loadfactor
 					Server weight
 					input
 					4
 				
 				
-					ping
+					Ping
 					ping
 					Server ping test interval
 					input
 					6
 				
 				
-					ttl
+					TTL
 					ttl
 					Server ping TTL
 					input
diff --git a/config/apache_mod_security-dev/apache_location.xml b/config/apache_mod_security-dev/apache_location.xml
index 315cca4c..ea957f43 100644
--- a/config/apache_mod_security-dev/apache_location.xml
+++ b/config/apache_mod_security-dev/apache_location.xml
@@ -104,7 +104,7 @@
 			balancer
 		
 		
-			lbmethod
+			LB Method
 			lbmethod
 		
 		
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index c58210dc..31be95cf 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -582,6 +582,7 @@ EOF;
 				foreach ($virtualhost['row'] as $be){
 					if ($be['location'] != "none"){
 						$backend=$apache_location[$be['location']];
+						$vh_config.="# {$backend['name']}\n";
 						$vh_config.=" \n";
 						$vh_config.="  ProxyPass        balancer://{$backend['balancer']}{$backend['backendpath']}\n";
 						$vh_config.="  ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n";
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index c2c4837b..747ef975 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -267,7 +267,7 @@
 			none
 		
 		
-			intermediate CA certificate(optional)
+			Intermediate CA certificate (optional)
 			reverse_int_ca
 			Select intermediate CA assigned to certificate. Not all certificates require this.
 			select_source
@@ -285,8 +285,8 @@
 			
 				
 					
-					Location
-					Server locatino
+					location
+					Server Location
 					
 					name
 					name
-- 
cgit v1.2.3



 								

 									
-										
-									
+										
+										

 										
-											 Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.
+											Optionally verify the server certificate Common Name (CN) when the client connects. Current clients, including the most recent versions of Windows, Viscosity, Tunnelblick, OpenVPN on iOS and Android and so on should all work at the default automatic setting.
+											

Only use tls-remote if you must use an older client that you cannot control. The option has been deprecated by OpenVPN and will be removed in the next major version.
+											

With tls-remote the server CN may optionally be enclosed in quotes. This can help if the server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.