From 5a1440a0151d1a80445206e7350e34cf74269ace Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Fri, 8 Nov 2013 20:17:47 -0200
Subject: apache-modsecurity-dev - fix apache listening and virtualhosts check
 add some new gui options to balancer and virtualhosts tab check if
 modsecurity rules are present before extracting

---
 config/apache_mod_security-dev/apache_balancer.xml | 18 ++++--
 .../apache_mod_security.inc                        | 68 +++++++++++-----------
 .../apache_mod_security-dev/apache_virtualhost.xml | 22 +++++--
 config/apache_mod_security-dev/pkg_apache.inc      | 11 ++++
 4 files changed, 75 insertions(+), 44 deletions(-)
 create mode 100755 config/apache_mod_security-dev/pkg_apache.inc

(limited to 'config/apache_mod_security-dev')

diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml
index b3acba57..3c8de686 100755
--- a/config/apache_mod_security-dev/apache_balancer.xml
+++ b/config/apache_mod_security-dev/apache_balancer.xml
@@ -139,6 +139,9 @@
               <option> <name>HTTP</name> <value>http</value> </option>
               <option> <name>HTTPS</name> <value>https</value> </option>
             </options>
+		</field>		<field>
+			<name><![CDATA[Internal Server(s)]]></name>
+			<type>listtopic</type>
 		</field>
 <field>
 			<fielddescr>
@@ -146,48 +149,51 @@
 			</fielddescr>
 			<fieldname>additionalparameters</fieldname>
 		    <type>rowhelper</type>
+			<dontdisplayname/>
+			<usecolspan2/>
+			<movable>on</movable>
 		    <rowhelper>
 				<rowhelperfield>
 				    <fielddescr>fqdn or ip</fielddescr>
 				    <fieldname>host</fieldname>
 				    <description>Internal site IP or Hostnamesite</description>
 				    <type>input</type>
-				    <size>20</size>
+				    <size>27</size>
 				</rowhelperfield>
 				<rowhelperfield>
 				    <fielddescr>port</fielddescr>
 				    <fieldname>port</fieldname>
 				    <description>Internal site port</description>
 				    <type>input</type>
-				    <size>4</size>
+				    <size>5</size>
 				</rowhelperfield>
 				<rowhelperfield>
 				    <fielddescr>routeid</fielddescr>
 				    <fieldname>routeid</fieldname>
 				    <description>id to define stick connections</description>
 				    <type>input</type>
-				    <size>4</size>
+				    <size>6</size>
 				</rowhelperfield>
 				<rowhelperfield>
 				    <fielddescr>weight</fielddescr>
 				    <fieldname>loadfactor</fieldname>
 				    <description>Server weight</description>
 				    <type>input</type>
-				    <size>4</size>
+				    <size>6</size>
 				</rowhelperfield>
 				<rowhelperfield>
 				    <fielddescr>ping</fielddescr>
 				    <fieldname>ping</fieldname>
 				    <description>Server ping test interval</description>
 				    <type>input</type>
-				    <size>4</size>
+				    <size>6</size>
 				</rowhelperfield>
 				<rowhelperfield>
 				    <fielddescr>ttl</fielddescr>
 				    <fieldname>ttl</fieldname>
 				    <description>Server pint ttl</description>
 				    <type>input</type>
-				    <size>4</size>
+				    <size>6</size>
 				</rowhelperfield>
 		    </rowhelper>
 		</field>
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index fb83f9a6..8ca5b4e3 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -27,7 +27,7 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
-
+$shortcut_section = "apache";
 // Check to find out on which system the package is running
 $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
 if ($pf_version > 2.0)
@@ -127,20 +127,23 @@ function apache_mod_security_resync() {
 	global $config, $g;
 	apache_mod_security_install();
 	$dirs=array("base", "experimental","optional", "slr");
-	if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE"))
-		exec ("tar -xzf /usr/local/pkg/modsecurity-crs_2.2.5.tar.gz -C ".APACHEDIR);
-	$write_config=0;
-	foreach ($dirs as $dir){
-		if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) {
-		$write_config++;
-		$config['installedpackages']["modsecurityfiles{$dir}"]['config']=array();
-	    while (false !== ($entry = readdir($handle))) {
-    	    if (preg_match("/(\S+).conf/",$entry,$matches))
-    	    	$config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]);
-    		}
-    	closedir($handle);
+	$ms_file="/usr/local/pkg/modsecurity-crs_2.2.5.tar.gz";
+	if (file_exists($ms_file)){
+		if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE"))
+			exec ("tar -xzf $ms_file -C ".APACHEDIR);
+		$write_config=0;
+		foreach ($dirs as $dir){
+			if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) {
+				$write_config++;
+				$config['installedpackages']["modsecurityfiles{$dir}"]['config']=array();
+			    while (false !== ($entry = readdir($handle))) {
+		    	    if (preg_match("/(\S+).conf/",$entry,$matches))
+		    	    	$config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]);
+		    		}
+		    	closedir($handle);
+				}
+			}
 		}
-	}
 	if ($write_config > 0)
 		write_config();
 	apache_mod_security_checkconfig();
@@ -230,7 +233,8 @@ function generate_apache_configuration() {
 	
 	//performance settings
 	//reference http://httpd.apache.org/docs/2.2/mod/mpm_common.html
-	$performance_settings="KeepAlive {$settings['keepalive']}\n";
+	$keepalive=($settings['keepalive']?$settings['keepalive']:"on");
+	$performance_settings="KeepAlive {$keepalive}\n";
 	if ($settings['maxkeepalivereq'])
 		$performance_settings .= "MaxKeepAliveRequests {$settings['maxkeepalivereq']}\n";
 	if ($settings['keepalivetimeout'])
@@ -313,6 +317,8 @@ function generate_apache_configuration() {
 		}
 		
 	//configure virtual hosts
+	$namevirtualhosts=array();
+	$namevirtualhosts[0]=$global_listen;
 	if (is_array($config['installedpackages']['apachevirtualhost'])){
 		$vh_config= <<<EOF
 ##################################################################################
@@ -332,6 +338,9 @@ EOF;
 				$iface_address = apache_get_real_interface_address($virtualhost['interface']);
 				$ip=$iface_address[0];
 				$port=($virtualhost['port'] ? $virtualhost['port'] : $default_port[$virtualhost['proto']]);
+				if (!in_array("{$ip}:{$port}",$namevirtualhosts))
+					$namevirtualhosts[]="{$ip}:{$port}";
+				
 				$vh_config.="# {$virtualhost['description']}\n";
 				$vh_config.="<VirtualHost {$ip}:{$port}>\n";
 				$vh_config.=" ServerName ". preg_replace ("/\r\n(\S+)/","\n ServerAlias $1",base64_decode($virtualhost['primarysitehostname'])) ."\n";
@@ -487,31 +496,22 @@ EOF;
 		
 	// clear list of bound addresses before updating
 	$config['installedpackages']['apachesettings']['config'][0]['row'] = array();
-
 	// Process proxy sites
 	// Configure NameVirtualHost directives
 	$aliases = "";
-	$processed = array();
-	if(is_array($config['installedpackages']['apachemodsecurity'])) {
-		foreach($config['installedpackages']['apachemodsecurity']['config'] as $ams) {
-			if($ams['ipaddress'] && $ams['port']) 
-				$local_ip_port = "{$ams['ipaddress']}:{$ams['port']}";
-			else 
-				$local_ip_port = $global_listen;
-			// Do not add entries twice.
-			if(!in_array($local_ip_port, $processed)) {
-				// explicit bind if not global ip:port
-				if ($local_ip_port != $global_listen) {
-					$aliases .= "Listen $local_ip_port\n";
-					// Automatically add this to configuration
-					$config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $ams['ipaddress'], 'ipport' => $ams['port']); 
-				}
-				$mod_proxy .= "NameVirtualHost $local_ip_port\n";
-				$processed[] = $local_ip_port;
+	//add NameVirtualHost and listening entries to configured virtualhosts 
+	foreach ($namevirtualhosts as $namevirtualhost){
+		// explicit bind if not global ip:port
+		if ($namevirtualhost != $global_listen) {
+			$mod_proxy .= "NameVirtualHost {$namevirtualhost}\n";
+			$aliases .= "Listen $namevirtualhost\n";
+			// Automatically add this to configuration
+			$aplisten=split(":",$namevirtualhost);
+			$config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]);
 			}
 		}
-	}
 
+	
 //** Uncomment to allow adding ip/ports not used by any site proxies
 //** Otherwise unused addresses/ports will be automatically deleted from the configuration
 //	foreach ($configuredaliases as $ams) {
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index f971b570..32b9e29c 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -113,6 +113,11 @@
 		<chmod>0644</chmod>
 		<item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_view_logs.php</item>
 	</additional_files_needed>
+	<additional_files_needed>
+		<prefix>/usr/local/www/shortcuts/</prefix>
+		<chmod>0755</chmod>
+		<item>http://www.pfsense.org/packages/config/bind/pkg_apache.inc</item>
+	</additional_files_needed>
 	<tabs>
 		<tab>
 			<text>Apache</text>
@@ -150,9 +155,12 @@
 		</tab>
 	</tabs>
 	<adddeleteeditpagefields>
+		<movable>on</movable>
 		<columnitem>
 			<fielddescr>Status</fielddescr>
 			<fieldname>enable</fieldname>
+			<listmodeon>Enabled</listmodeon>
+			<listmodeoff>Disabled</listmodeoff>
 		</columnitem>
 		<columnitem>
 			<fielddescr>Iface</fielddescr>
@@ -266,12 +274,19 @@
 			<source_value>refid</source_value>
 			<show_disable_value>none</show_disable_value>
 		</field>
+		<field>
+			<name><![CDATA[Location(s)]]></name>
+			<type>listtopic</type>
+		</field>
 		<field>
 			<fielddescr>
 				<![CDATA[Location(s)]]>
 			</fielddescr>
 			<fieldname>locations</fieldname>
 		    <type>rowhelper</type>
+		    <dontdisplayname/>
+			<usecolspan2/>
+			<movable>on</movable>
 		    <rowhelper>
 				<rowhelperfield>
 				    <fielddescr><![CDATA[gzip?]]></fielddescr>
@@ -288,7 +303,7 @@
 				    <fieldname>sitepath</fieldname>
 				    <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
 				    <type>input</type>
-				    <size>5</size>
+				    <size>13</size>
 				</rowhelperfield>
 				<rowhelperfield>
 					<fielddescr><![CDATA[Balancer]]></fielddescr>
@@ -317,7 +332,7 @@
 				    <fieldname>backendpath</fieldname>
 				    <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
 				    <type>input</type>
-				    <size>5</size>
+				    <size>13</size>
 				</rowhelperfield>
 				<rowhelperfield>
 					<fielddescr><![CDATA[ModSecurity]]></fielddescr>
@@ -344,7 +359,7 @@
 				    <fieldname>options</fieldname>
 				    <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
 				    <type>input</type>
-				    <size>5</size>
+				    <size>12</size>
 				</rowhelperfield>
 		    </rowhelper>
 		</field>
@@ -388,7 +403,6 @@
 			<rows>10</rows>
 			<encoding>base64</encoding>
 		</field>
-		
 	</fields>
 	<service>
 		<name>apache_mod_security</name>
diff --git a/config/apache_mod_security-dev/pkg_apache.inc b/config/apache_mod_security-dev/pkg_apache.inc
new file mode 100755
index 00000000..97fb2417
--- /dev/null
+++ b/config/apache_mod_security-dev/pkg_apache.inc
@@ -0,0 +1,11 @@
+<?php
+
+global $shortcuts;
+
+$shortcuts['apache'] = array();
+$shortcuts['apache']['main'] = "pkg_edit.php?xml=apache_virtualhost.xml";
+$shortcuts['apache']['log'] = "diag_logs.php";
+$shortcuts['apache']['status'] = "status_services.php";
+$shortcuts['apache']['service'] = "apache_mod_security";
+
+?>
-- 
cgit v1.2.3