From b0e3cc67b5ac508aade428fbbddf1b90df05b696 Mon Sep 17 00:00:00 2001 From: Stephane Lapie Date: Wed, 13 Nov 2013 12:29:45 +0900 Subject: Add XMLRPC sync, vhost location custom settings - Typo: Lots of typo fixes and re-indenting - XMLRPC: Added actual code for XMLRPC (not 100% functional, remote reload fails) - VirtualHost: Added custom settings for Locations (for SSLRequire & such) - Settings: Use interfaces instead of manual input IP address --- config/apache_mod_security-dev/apache.template | 4 +- config/apache_mod_security-dev/apache_balancer.xml | 87 +++++---- .../apache_edit_virtualhost_location.php | 205 +++++++++++++++++++++ .../apache_mod_security-dev/apache_logs_data.php | 2 +- .../apache_mod_security.inc | 192 +++++++++++++++++-- .../apache_mod_security.template | 4 +- .../apache_mod_security_groups.xml | 20 +- .../apache_mod_security_manipulation.xml | 2 +- .../apache_mod_security_sync.xml | 26 ++- .../apache_mod_security_view_logs.php | 2 +- config/apache_mod_security-dev/apache_settings.xml | 20 +- .../apache_mod_security-dev/apache_view_logs.php | 6 +- .../apache_mod_security-dev/apache_virtualhost.xml | 195 ++++++++++---------- 13 files changed, 573 insertions(+), 192 deletions(-) create mode 100644 config/apache_mod_security-dev/apache_edit_virtualhost_location.php (limited to 'config/apache_mod_security-dev') diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache.template index 12a36b69..ab981a9e 100644 --- a/config/apache_mod_security-dev/apache.template +++ b/config/apache_mod_security-dev/apache.template @@ -6,7 +6,7 @@ } if($mods_settings['enablemodsecurity']=="on") $mod_security_module= "LoadModule security2_module libexec/apache22/mod_security2.so\n"; - + $apache_dir=APACHEDIR; $apache_config = << \ No newline at end of file +?> diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index 16779158..7cb9774b 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -75,7 +75,7 @@ - Virutal Hosts + Virtual Hosts /pkg.php?xml=apache_virtualhost.xml 2 @@ -102,7 +102,7 @@ Description description - + on @@ -136,65 +136,64 @@ proto select - - - - - + + + + + + listtopic - - - - + + additionalparameters - rowhelper + rowhelper on - + - fqdn or ip - host - Internal site IP or Hostnamesite - input - 27 + FQDN or IP Address + host + Internal site IP or Hostnamesite + input + 27 - port - port - Internal site port - input - 5 + port + port + Internal site port + input + 5 - routeid - routeid - id to define stick connections - input - 6 + routeid + routeid + ID to define sticky connections + input + 6 - weight - loadfactor - Server weight - input - 6 + weight + loadfactor + Server weight + input + 4 - ping - ping - Server ping test interval - input - 6 + ping + ping + Server ping test interval + input + 6 - ttl - ttl - Server pint ttl - input - 6 + ttl + ttl + Server ping TTL + input + 6 @@ -203,4 +202,4 @@ apache_mod_security_resync(); - \ No newline at end of file + diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php new file mode 100644 index 00000000..5448f850 --- /dev/null +++ b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php @@ -0,0 +1,205 @@ + + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012 Carlos Cesario + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + +require_once("/etc/inc/util.inc"); +require_once("/etc/inc/functions.inc"); +require_once("/etc/inc/pkg-utils.inc"); +require_once("/etc/inc/globals.inc"); +require_once("guiconfig.inc"); +require_once("apache_mod_security.inc"); + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "Apache reverse proxy: Apache VirtualHost Location"; + +$virtualhost_id = $_GET['virtualhost_id']; +if (isset($_POST['virtualhost_id'])) + $virtualhost_id = $_POST['virtualhost_id']; + +$backend_id = $_GET['backend_id']; +if (isset($_POST['backend_id'])) + $backend_id = $_POST['backend_id']; + +if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id])) + $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]; +if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id])) + $backend = &$virtualhost['row'][$backend_id]; + +/* + * Not having a virtualhost->backend entry means we can't do this. + */ +if (! $backend) { + $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist."); +} + + +if ($_POST) { + unset($input_errors); + + /* + * Check for a valid expirationdate if one is set at all (valid means, + * DateTime puts out a time stamp so any DateTime compatible time + * format may be used. to keep it simple for the enduser, we only + * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs + * like "+1 day", which will be converted to MM/DD/YYYY based on "now". + * Otherwhise such an entry would lead to an invalid expiration data. + */ + if ($_POST['expires']) { + try { + $expdate = new DateTime($_POST['expires']); + //convert from any DateTime compatible date to MM/DD/YYYY + $_POST['expires'] = $expdate->format("m/d/Y"); + } catch ( Exception $ex ) { + $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); + } + } + + /* if this is an AJAX caller then handle via JSON */ + if (isAjax() && is_array($input_errors)) { + input_errors2Ajax($input_errors); + exit; + } + + if (!$input_errors) { + if ($_POST['custom']) + $backend['custom'] = base64_encode($_POST['custom']); + else + unset($backend['custom']); + + write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'"); + apache_mod_security_resync(); + pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}"); + } +} + +include("head.inc"); +?> + + + + + + +

+ + + + + +
+ + + + +
+ +
+ +
+
+ + + + + + + + + + + + + + + + + + + +
Primary Site Hostname + + + +
Current Site Path + + + +
+ +
+ + + +
  + + + + + + + " /> + " onclick="history.back()" /> +
+
+
+
+ + + + + + diff --git a/config/apache_mod_security-dev/apache_logs_data.php b/config/apache_mod_security-dev/apache_logs_data.php index 256ff144..fdcc04b0 100644 --- a/config/apache_mod_security-dev/apache_logs_data.php +++ b/config/apache_mod_security-dev/apache_logs_data.php @@ -92,7 +92,7 @@ if ($_GET) { // Apply filter and color if ($filter != "") $line = preg_replace("@($filter)@i","$1",$line); - $agent_info="onmouseover=\"jQuery('#bowserinfo').empty().html('{$line[13]}');\"\n"; + $agent_info="onmouseover=\"jQuery('#browserinfo').empty().html('{$line[13]}');\"\n"; echo "\n"; echo "{$line[5]}({$line[6]})\n"; echo "{$line[1]}\n"; diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index f21dcbdc..c9ab05e8 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -4,6 +4,7 @@ part of apache_mod_security package (http://www.pfSense.com) Copyright (C) 2009, 2010 Scott Ullrich Copyright (C) 2012-2013 Marcello Coutinho + Copyright (C) 2013 Stephane Lapie All rights reserved. Redistribution and use in source and binary forms, with or without @@ -27,6 +28,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + $shortcut_section = "apache"; // Check to find out on which system the package is running $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); @@ -123,6 +125,7 @@ function apache_mod_security_resync() { global $config, $g; apache_mod_security_install(); $dirs=array("base", "experimental","optional", "slr"); + log_error("apache_mod_security_package: configuration resync is starting."); if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")){ exec ("/usr/local/bin/git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git ".APACHEDIR."/".MODSECURITY_DIR); //chdir (APACHEDIR."/".MODSECURITY_DIR); @@ -136,14 +139,165 @@ function apache_mod_security_resync() { while (false !== ($entry = readdir($handle))) { if (preg_match("/(\S+).conf$/",$entry,$matches)) $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]); - } - closedir($handle); - } } + closedir($handle); + } + } if ($write_config > 0) write_config(); apache_mod_security_checkconfig(); apache_mod_security_restart(); + log_error("apache_mod_security_package: configuration resync is ending."); + + if (is_array($config['installedpackages']['apachesync']['config'])){ + $apache_sync = $config['installedpackages']['apachesync']['config'][0]; + $synconchanges = $apache_sync['synconchanges']; + $synctimeout = $apache_sync['synctimeout']; + switch ($synconchanges){ + case "manual": + if (is_array($apache_sync[row])){ + $rs = $apache_sync[row]; + } else { + log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no hosts to push on apache config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ // pfSense 2.0.x + $system_carp = $config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + } else if (is_array($config['hasync'])) { // pfSense 2.1 + $system_carp = $config['hasync']; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + } else { + log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no system backup hosts to push apache config."); + return; + } + break; + default: + return; + break; + } + } + if (is_array($rs)){ + foreach($rs as $sh){ + $sync_to_ip = $sh['ipaddress']; + $password = $sh['password']; + if ($sh['username']) + $username = $sh['username']; + else + $username = 'admin'; + if ($password && $sync_to_ip) + apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout); + } + } +} + +// Do the actual XMLRPC Sync +function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { + global $config, $g; + + if(!$username) + return; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + + if(!$synctimeout) + $synctimeout=250; + + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['apachesettings'] = $config['installedpackages']['apachesettings']; + $xml['apachemodsecurity'] = $config['installedpackages']['apachemodsecurity']; + $xml['apachemodsecuritysettings'] = $config['installedpackages']['apachemodsecuritysettings']; + $xml['apachebalancer'] = $config['installedpackages']['apachebalancer']; + $xml['apachevirtualhost'] = $config['installedpackages']['apachevirtualhost']; + $xml['apachelisten'] = $config['installedpackages']['apachelisten']; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("apache_mod_security_package: Beginning apache_mod_security XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after defined sync timeout value*/ + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } else { + log_error("apache_mod_security_package: XMLRPC sync successfully completed with {$url}:{$port}."); + } + + /* tell apache_mod_security to reload our settings on the destination sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/apache_mod_security.inc');\n"; + $execcmd .= "apache_mod_security_resync();"; + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("apache_mod_security_package: XMLRPC reload data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } else { + log_error("apache_mod_security XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + } + + } function apache_mod_security_checkconfig() { @@ -197,7 +351,9 @@ function generate_apache_configuration() { file_notice("apache_mod_security", $error, "apache_mod_security", ""); } // Set global listening directive and ensure nothing is listening on this port already - $globalbind_ip = ($settings['globalbindtoipaddr'] ? $settings['globalbindtoipaddr'] : "*"); + $iface_address = apache_get_real_interface_address($settings['globalbindtoipaddr']); + $ip=$iface_address[0]; + $globalbind_ip = ($ip ? $ip : "*"); $globalbind_port = $settings['globalbindtoport']; if ($globalbind_port == ""){ $globalbind_port ="80"; @@ -311,6 +467,7 @@ function generate_apache_configuration() { //write balancer conf file_put_contents(APACHEDIR."/etc/apache22/Includes/balancers.conf",$balancer_config,LOCK_EX); } + // configure modsecurity group options //chroot apache http://forums.freebsd.org/showthread.php?t=6858 if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ @@ -327,31 +484,32 @@ function generate_apache_configuration() { } } file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX); - + foreach (split(",",$mods_groups['baserules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['optionalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['slrrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; - } - $i++; } + $i++; + } if ($write_config > 0) write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}"); } //print "
";
 	//var_dump($mods_group);
-	
+
 	//mod_security settings
 	if (is_array($config['installedpackages']['apachemodsecuritysettings'])){
 		$mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0];
 	}
+		
 	//configure virtual hosts
 	$namevirtualhosts=array();
 	$namevirtualhosts[0]=$global_listen;
@@ -376,7 +534,7 @@ EOF;
 				$port=($virtualhost['port'] ? $virtualhost['port'] : $default_port[$virtualhost['proto']]);
 				if (!in_array("{$ip}:{$port}",$namevirtualhosts))
 					$namevirtualhosts[]="{$ip}:{$port}";
-				
+
 				$vh_config.="# {$virtualhost['description']}\n";
 				$vh_config.="\n";
 				$vh_config.=" ServerName ". preg_replace ("/\r\n(\S+)/","\n ServerAlias $1",base64_decode($virtualhost['primarysitehostname'])) ."\n";
@@ -441,6 +599,7 @@ EOF;
 								}
 							}
 						}
+					$vh_config.= apache_textarea_decode($backend['custom'])."\n\n";
 					$vh_config.=" \n\n";
 					}
 				$vh_config.="\n";
@@ -469,7 +628,6 @@ EOF;
 			}
 	}
 	
-
 	if ($mods_settings!="")
 		$SecGuardianLog="SecGuardianLog \"|".RULES_DIRECTORY."/util/httpd-guardian\"";
 	
@@ -525,7 +683,7 @@ EOF;
 	// Read already configured addresses
 	if (is_array($settings['row'])){
 		foreach($settings['row'] as $row) {
-			if ($row['ipaddress'] && $row['ipport'])
+			if ($row['interface'] && $row['ipport'])
 				$configuredaliases[] = $row; 
 		}
 	}
@@ -544,8 +702,8 @@ EOF;
 			// Automatically add this to configuration
 			$aplisten=split(":",$namevirtualhost);
 			$config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]);
-			}
 		}
+	}
 	// Process Status Page 
 	$mod_status = "";
 	if ($settings['statuspage'] == "on") {
@@ -554,12 +712,12 @@ EOF;
 	SetHandler server-status
 	Order Deny,Allow
 	Deny from all
-	
+
 EOF;
 		$mod_status .= "Allow from ".($settings['netaccessstatus'] ? $settings['netaccessstatus'] : "All")."\n";
 		$mod_status .= "\n";
 	}
-	
+
 	// update configuration with actual ip bindings
 	write_config($pkg['addedit_string']);
 
diff --git a/config/apache_mod_security-dev/apache_mod_security.template b/config/apache_mod_security-dev/apache_mod_security.template
index f6ad6e3e..d004a9ae 100644
--- a/config/apache_mod_security-dev/apache_mod_security.template
+++ b/config/apache_mod_security-dev/apache_mod_security.template
@@ -1,6 +1,6 @@
 2
 		
 	
-		
+	
 		on
 		
 			Name
@@ -87,7 +87,7 @@
 			Description
 			description
 		
-		
+
 	
 	
 		
@@ -109,7 +109,7 @@
 			input
 			45
 		
-		
+
 		
 			Base Rules
 			baserules
@@ -202,8 +202,8 @@
 			modsecurity_crs_10_setup.conf file.
Leave empty to load setup defaults.]]>
 			textarea
 			base64
-	      	15
-	      	90			
+			15
+			90
 		
 		
 			Custom mod_security ErrorDocument
@@ -217,8 +217,8 @@
 			Custom mod_security ErrorDocument.
 			textarea
 			base64
-	      	10
-	      	90			
+		      	10
+		      	90
 		
 		
 			Custom mod_security rules
@@ -232,12 +232,12 @@
 			Paste any custom mod_security rules that you would like to use
 			textarea
 			base64
-	      	10
-	      	90			
+		      	10
+		      	90
 		
 	
 	
 		apache_mod_security_resync();
 	
 	/usr/local/pkg/apache_mod_security.inc	
-
\ No newline at end of file
+
diff --git a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
index ab681c66..7477e540 100644
--- a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
@@ -142,4 +142,4 @@
 		apache_mod_security_resync();
 	
 	/usr/local/pkg/apache_mod_security.inc	
-
\ No newline at end of file
+
diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml
index 0d8d8c8f..3e1c0a9c 100755
--- a/config/apache_mod_security-dev/apache_mod_security_sync.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml
@@ -68,8 +68,30 @@
 		
 			Automatically sync apache configuration changes
 			synconchanges
-			Automatically sync apache changes to the hosts defined below.
-			checkbox
+			Select a sync method for Apache + ModSecurity.
+			select
+			
+			auto
+			
+			        
+			        
+			        
+			
+		
+		
+		        Sync timeout
+			synctimeout
+			Select sync max wait time
+			select
+			
+			250
+			
+				
+				
+				
+				
+				
+			
 		
 		
 			Remote Server
diff --git a/config/apache_mod_security-dev/apache_mod_security_view_logs.php b/config/apache_mod_security-dev/apache_mod_security_view_logs.php
index 1956a217..669c71f4 100755
--- a/config/apache_mod_security-dev/apache_mod_security_view_logs.php
+++ b/config/apache_mod_security-dev/apache_mod_security_view_logs.php
@@ -68,7 +68,7 @@ include("head.inc");
 		2
 		
 		
-			Virutal Hosts
+			Virtual Hosts
 			/pkg.php?xml=apache_virtualhost.xml
 			2
 		
@@ -93,7 +93,7 @@
 			Server hostname
 			hostname
 			
-				
+				
 			
 			input
@@ -102,17 +102,19 @@
 			Default Bind to IP Address
 			globalbindtoipaddr
 			
-				
-					NOTE: Leave blank to bind to *]]>
+				
 			
-			input
+			interfaces_selection
+			
+			
+			
 		
 		
 			Default Bind to port
 			globalbindtoport
 			
 				
-					NOTE: Leave blank to bind to 80]]>					
+					NOTE: Leave blank to bind to 80]]>
 			
 			input
 			5
@@ -281,9 +283,9 @@
 			Status Page
 			statuspage
 			
- 			
+				
 			
- 			select        
+			select
 			
 				
 				
@@ -293,7 +295,7 @@
 			Network Access Status Page
 			netaccessstatus
 			
-				
+				
 			
 			input
diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php
index 77c14176..494f37cd 100644
--- a/config/apache_mod_security-dev/apache_view_logs.php
+++ b/config/apache_mod_security-dev/apache_view_logs.php
@@ -42,7 +42,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
 if(strstr($pfSversion, "1.2"))
         $one_two = true;
 
-$pgtitle = "Status: Apache Vhosts Logs";
+$pgtitle = "Status: Apache VirtualHost Logs";
 include("head.inc");
 ?>
 
@@ -171,8 +171,8 @@ function showLog(content,url,logtype)
 			
 		
 	
-	
 
-		
+	
 
+		
 	

 	 
 	
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index b3653bdf..53478721 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -4,40 +4,41 @@
 
         
         
+    All rights reserved.
+*/
+/* ========================================================================== */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
 
-			     1. Redistributions of source code MUST retain the above copyright notice,
-			        this list of conditions and the following disclaimer.
+     1. Redistributions of source code MUST retain the above copyright notice,
+        this list of conditions and the following disclaimer.
 
-			     2. Redistributions in binary form MUST reproduce the above copyright
-			        notice, this list of conditions and the following disclaimer in the
-			        documentation and/or other materials provided with the distribution.
+     2. Redistributions in binary form MUST reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
 
-			    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-			    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-			    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-			    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-			    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-			    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-			    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-			    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-			    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-			    POSSIBILITY OF SUCH DAMAGE.
-			*/
-			/* ========================================================================== */
-			]]>
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ========================================================================== */
+]]>
         
 	apachevirtualhost
 	1.0
@@ -143,7 +144,7 @@
 			2
 		
 		
-			Virutal Hosts
+			Virtual Hosts
 			/pkg.php?xml=apache_virtualhost.xml
 			2
 			
@@ -201,17 +202,14 @@
 			Select protocols that this virtual host will accept connections
 			select			
 			
-			    
-			    
+				
+				
 			
 		
 		
 			Server Name(s)
 			primarysitehostname
-			
-				
-					Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]>
-			
+			Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]>
 			40
 			2
 			textarea
@@ -238,27 +236,21 @@
 			Site Webmaster E-Mail address
 			siteemail
 			50
-			
-				
-			
+			
 			input
 		
 		
 			Site description
 			description
 			50
-			
-				
-			
+			
 			input
 		
 		
 			HTTPS SSL certificate
 			ssl_cert
 			Choose the SSL Server Certificate here.
-	    	select_source
+			select_source
 			
 			descr
 			refid
@@ -283,62 +275,62 @@
 				
 			
 			locations
-		    rowhelper
-		    
+			rowhelper
+			
 			
 			on
-		    
+			
 				
-				    
-				    compress
-				    Compress data to save bandwidth?
+					
+					compress
+					Compress data to save bandwidth?
 				   	select			
 					
-			    	
-			    	
+					
+					
 					
 				
 				
-				    
-				    sitepath
-				    leave blank to use /]]>
-				    input
-				    12
+					
+					sitepath
+					leave blank to use /]]>
+					input
+					12
 				
 				
 					
-				    balancer
-				    Server balancer / pool
+					balancer
+					Server balancer / pool
 					
 					name
 					name
 					none
 					select_source
-                    5
+					5
 				
 				
-					LbMethod]]>
-				    lbmethod
-				    Server balance method
-				    select
-				    
-			    	
-			    	
-			    	
+					LB Method]]>
+					lbmethod
+					Server balance method
+					select
+					
+						
+						
+						
 					
 				
 				
-				    Backend path
-				    backendpath
-				    Leave blank to use /]]>
-				    input
-				    12
+					Backend Path
+					backendpath
+					Leave blank to use /]]>
+					input
+					12
 				
 				
 					
 					modsecgroup
-					Choose Modsecurity group to use on this virtual host.
-			    	select_source
+					Choose ModSecurity group to use on this virtual host.
+					select_source
 					
 					name
 					name
@@ -348,20 +340,29 @@
 					
 					modsecmanipulation
 					Choose Modsecurity group to use on this virtual host.
-			    	select_source
+					select_source
 					
 					name
 					name
 					none
 				
 				
-				      Balancer options]]>
-				    options
-				    ex: ttl=60 stickysession='JSESSIONID']]>
-				    input
-				    11
+					  Balancer options]]>
+					options
+					ex: ttl=60 stickysession='JSESSIONID']]>
+					input
+					11
 				
-		    
+				
+					Location Custom Settings
+					custom
+					
+					textarea
+					65
+					10
+					base64
+				
+			
 		
 		
 			Logging
@@ -370,25 +371,19 @@
 		
 			Preserve Proxy hostname
 			preserveproxyhostname
-			
-				
-			
+			
 			checkbox
 		
 			
 			Log file
 			logfile
-			
-				
-			
+			
 			select			
-					
-			    	
-			    	
-			    	
-					
+			
+				
+				
+				
+			
 		
 		
 			Custom Options
@@ -397,7 +392,7 @@
 		
 			Custom Options
 			custom
-			Paste extra apache config for this virtualhost. This is usefull for rewrite rules for example.
+			Pass extra Apache config for this VirtualHost. This is useful for Rewrite rules for example.
 			textarea
 			90
 			10
@@ -415,4 +410,4 @@
 		apache_mod_security_resync();
 	
 	/usr/local/pkg/apache_mod_security.inc	
-
\ No newline at end of file
+
-- 
cgit v1.2.3