From 5a1440a0151d1a80445206e7350e34cf74269ace Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Fri, 8 Nov 2013 20:17:47 -0200 Subject: apache-modsecurity-dev - fix apache listening and virtualhosts check add some new gui options to balancer and virtualhosts tab check if modsecurity rules are present before extracting --- config/apache_mod_security-dev/apache_balancer.xml | 18 ++++-- .../apache_mod_security.inc | 68 +++++++++++----------- .../apache_mod_security-dev/apache_virtualhost.xml | 22 +++++-- config/apache_mod_security-dev/pkg_apache.inc | 11 ++++ 4 files changed, 75 insertions(+), 44 deletions(-) create mode 100755 config/apache_mod_security-dev/pkg_apache.inc (limited to 'config/apache_mod_security-dev') diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index b3acba57..3c8de686 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -139,6 +139,9 @@ + + + listtopic @@ -146,48 +149,51 @@ additionalparameters rowhelper + + + on fqdn or ip host Internal site IP or Hostnamesite input - 20 + 27 port port Internal site port input - 4 + 5 routeid routeid id to define stick connections input - 4 + 6 weight loadfactor Server weight input - 4 + 6 ping ping Server ping test interval input - 4 + 6 ttl ttl Server pint ttl input - 4 + 6 diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index fb83f9a6..8ca5b4e3 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -27,7 +27,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "apache"; // Check to find out on which system the package is running $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0) 
@@ -127,20 +127,23 @@ function apache_mod_security_resync() { global $config, $g; apache_mod_security_install(); $dirs=array("base", "experimental","optional", "slr"); - if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")) - exec ("tar -xzf /usr/local/pkg/modsecurity-crs_2.2.5.tar.gz -C ".APACHEDIR); - $write_config=0; - foreach ($dirs as $dir){ - if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) { - $write_config++; - $config['installedpackages']["modsecurityfiles{$dir}"]['config']=array(); - while (false !== ($entry = readdir($handle))) { - if (preg_match("/(\S+).conf/",$entry,$matches)) - $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]); - } - closedir($handle); + $ms_file="/usr/local/pkg/modsecurity-crs_2.2.5.tar.gz"; + if (file_exists($ms_file)){ + if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")) + exec ("tar -xzf $ms_file -C ".APACHEDIR); + $write_config=0; + foreach ($dirs as $dir){ + if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) { + $write_config++; + $config['installedpackages']["modsecurityfiles{$dir}"]['config']=array(); + while (false !== ($entry = readdir($handle))) { + if (preg_match("/(\S+).conf/",$entry,$matches)) + $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]); + } + closedir($handle); + } + } } - } if ($write_config > 0) write_config(); apache_mod_security_checkconfig(); @@ -230,7 +233,8 @@ function generate_apache_configuration() { //performance settings //reference http://httpd.apache.org/docs/2.2/mod/mpm_common.html - $performance_settings="KeepAlive {$settings['keepalive']}\n"; + $keepalive=($settings['keepalive']?$settings['keepalive']:"on"); + $performance_settings="KeepAlive {$keepalive}\n"; if ($settings['maxkeepalivereq']) $performance_settings .= "MaxKeepAliveRequests {$settings['maxkeepalivereq']}\n"; if ($settings['keepalivetimeout']) 
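Review bot: `$write_config=0;` now sits inside the new `if (file_exists($ms_file)){` block, but `if ($write_config > 0)` after the block still reads it, so the variable is undefined whenever the tarball is missing; move the initialisation above the new check. The same wrapper also gates the `{$dir}_rules` directory scan on the tarball, so rules already extracted under APACHEDIR would apparently stop being listed once the archive is removed; only the `exec` needs the guard. The result of `exec ("tar -xzf $ms_file -C ".APACHEDIR);` is not checked and no integrity check on the archive is visible in this hunk, so a failed or partial extraction passes silently. In the re-indented `preg_match("/(\S+).conf/",$entry,$matches)` the dot is unescaped and the pattern is unanchored; `"/^(\S+)\.conf$/"` would accept only real .conf names. apache_mod_security_resync() begins and ends outside the hunk.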
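Review bot: In the second hunk, `$keepalive` is taken from `$settings['keepalive']` and written straight into the generated configuration as `KeepAlive {$keepalive}\n`, so any non-empty value, including one carrying whitespace or a line break, ends up in httpd.conf. KeepAlive accepts only On or Off, so the value can be normalised instead of passed through: `$keepalive=(strtolower($settings['keepalive'])=="off"?"off":"on");`. Where `$settings` is populated is outside the hunk, so whether the GUI already restricts this field cannot be confirmed from here. The `MaxKeepAliveRequests` context line interpolates its setting the same way and would benefit from an integer check.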
@@ -313,6 +317,8 @@ function generate_apache_configuration() { } //configure virtual hosts + $namevirtualhosts=array(); + $namevirtualhosts[0]=$global_listen; if (is_array($config['installedpackages']['apachevirtualhost'])){ $vh_config= << $ams['ipaddress'], 'ipport' => $ams['port']); - } - $mod_proxy .= "NameVirtualHost $local_ip_port\n"; - $processed[] = $local_ip_port; + //add NameVirtualHost and listening entries to configured virtualhosts + foreach ($namevirtualhosts as $namevirtualhost){ + // explicit bind if not global ip:port + if ($namevirtualhost != $global_listen) { + $mod_proxy .= "NameVirtualHost {$namevirtualhost}\n"; + $aliases .= "Listen $namevirtualhost\n"; + // Automatically add this to configuration + $aplisten=split(":",$namevirtualhost); + $config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]); } } - } + //** Uncomment to allow adding ip/ports not used by any site proxies //** Otherwise unused addresses/ports will be automatically deleted from the configuration // foreach ($configuredaliases as $ams) { diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index f971b570..32b9e29c 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -113,6 +113,11 @@ 0644 http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_view_logs.php + + /usr/local/www/shortcuts/ + 0755 + http://www.pfsense.org/packages/config/bind/pkg_apache.inc + Apache @@ -150,9 +155,12 @@ + on Status enable + Enabled + Disabled Iface @@ -266,12 +274,19 @@ refid none + + + listtopic + locations rowhelper + + + on @@ -288,7 +303,7 @@ sitepath leave blank to use /]]> input - 5 + 13 @@ -317,7 +332,7 @@ backendpath Leave blank to use /]]> input - 5 + 13 @@ -344,7 +359,7 @@ options ex: ttl=60 stickysession='JSESSIONID']]> input - 5 + 12 
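Review bot: `$aplisten=split(":",$namevirtualhost);` uses split(), which is deprecated since PHP 5.3 and removed in PHP 7; `$aplisten=explode(":",$namevirtualhost);` does the same job here. Splitting on every colon also assumes an IPv4 `ip:port` string, so an IPv6 literal would land in the wrong array slots, if such addresses can reach this loop (the code that fills `$namevirtualhosts` is not fully visible on this page). The same value is emitted into `NameVirtualHost` and `Listen` lines and appended to `$config['installedpackages']['apachesettings']['config'][0]['row'][]`, so checking that it is a valid address and numeric port before use would keep malformed entries out of both httpd.conf and the saved configuration. Parts of this file section, including the heredoc after `$vh_config=`, are missing from the page, so this note covers only the visible loop.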
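Review bot: In apache_virtualhost.xml the new additional-file entry fetches `http://www.pfsense.org/packages/config/bind/pkg_apache.inc`, but this commit creates pkg_apache.inc under `config/apache_mod_security-dev/`, so the `bind` path looks like a copy-paste leftover and the install would presumably fetch another package's file or fail. The file is placed in `/usr/local/www/shortcuts/` with mode 0755 and, judging by the `.inc` name, is PHP loaded by the web GUI, yet it is downloaded over plain http with no checksum visible in the hunk; an https URL, if the package host offers one, would at least protect it in transit. The neighbouring entry uses `www.pfsense.com` while this one uses `www.pfsense.org`, and one host should be used consistently. The XML tags are missing from this page, so the element roles are inferred from the surviving values.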
@@ -388,7 +403,6 @@ 10 base64 - apache_mod_security diff --git a/config/apache_mod_security-dev/pkg_apache.inc b/config/apache_mod_security-dev/pkg_apache.inc new file mode 100755 index 00000000..97fb2417 --- /dev/null +++ b/config/apache_mod_security-dev/pkg_apache.inc @@ -0,0 +1,11 @@ + -- cgit v1.2.3