From 6abe1f9648d0b3ea16c5901d7490d829a2d78063 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Tue, 27 Oct 2009 19:59:57 -0400
Subject: Add more tunables
---
 config/apache_mod_security/apache_mod_security.inc | 34 ++++++++++++++++------
 .../apache_mod_security_settings.xml | 23 +++++++++++++++
 2 files changed, 48 insertions(+), 9 deletions(-)
(limited to 'config/apache_mod_security')
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index c45f426d..eee5af4c 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -36,7 +36,7 @@ conf_mount_rw();
 // Needed mod_security directories
 if(!is_dir("/usr/local/apachemodsecurity"))
 safe_mkdir("/usr/local/apachemodsecurity");
-if(!is_dir("/usr/local/apachemodsecurity"))
+if(!is_dir("/usr/local/apachemodsecurity/rules"))
 safe_mkdir("/usr/local/apachemodsecurity/rules");
 // Startup function
@@ -166,7 +166,25 @@ function generate_apache_configuration() { safe_mkdir("/var/db/apachemodsecuritycache"); $cache_root .= "CacheRoot /var/db/apachemodsecuritycache\n"; } - + + // SecRequestBodyInMemoryLimit Directive + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodyinmemorylimit']) + $secrequestbodyinmemorylimit = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodyinmemorylimit']; + else + $secrequestbodyinmemorylimit = "131072"; + + // SecRequestBodyLimit + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodylimit']) + $secrequestbodylimit = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodylimit']; + else + $secrequestbodylimit = "10485760"; + + // SecAuditEngine + if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secauditengine']) + $secauditengine = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secauditengine']; + else + $secauditengine = "RelevantOnly"; + $mod_proxy .= << input + + Configures the maximum request body size ModSecurity will store in memory. + secrequestbodyinmemorylimit + Configures the maximum request body size ModSecurity will store in memory. + input + + + Configures the maximum request body size ModSecurity will accept for buffering. + secrequestbodylimit + Configures the maximum request body size ModSecurity will accept for buffering. + input + Enable mod_security protection enablemodsecurity Enables mod_security protection for all sites being proxied checkbox + + Configures the audit logging engine. + secauditengine + Configures the audit logging engine. + select + + + + + + Custom mod_security rules modsecuritycustom -- cgit v1.2.3
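Review bot: The three new settings in the second `apache_mod_security.inc` hunk are copied from `$config` into `$secrequestbodyinmemorylimit`, `$secrequestbodylimit` and `$secauditengine` with no validation. Their names suggest they are written into the generated Apache configuration, but the heredoc that would show this is cut off on this page, so that part is inferred. If so, a stored value containing a newline or extra tokens would add or alter directives in the generated file, so the two limits should accept digits only and the audit engine only `On`, `Off` or `RelevantOnly`, falling back to the existing defaults otherwise. The bare truthiness tests also read array indexes that may not be set; `!empty()` keeps the current fallback for empty and "0" values without that. generate_apache_configuration() starts before and continues after the hunk.

```php
// … unchanged: cache root setup …
$settings = isset($config['installedpackages']['apachemodsecuritysettings']['config'][0])
	? $config['installedpackages']['apachemodsecuritysettings']['config'][0] : array();

// SecRequestBodyInMemoryLimit Directive: digits only, else the default
$secrequestbodyinmemorylimit = "131072";
if(!empty($settings['secrequestbodyinmemorylimit']) && ctype_digit((string)$settings['secrequestbodyinmemorylimit']))
	$secrequestbodyinmemorylimit = $settings['secrequestbodyinmemorylimit'];

// SecRequestBodyLimit: digits only, else the default
$secrequestbodylimit = "10485760";
if(!empty($settings['secrequestbodylimit']) && ctype_digit((string)$settings['secrequestbodylimit']))
	$secrequestbodylimit = $settings['secrequestbodylimit'];

// SecAuditEngine: only the values the directive accepts
$secauditengine = "RelevantOnly";
if(!empty($settings['secauditengine']) && in_array($settings['secauditengine'], array("On", "Off", "RelevantOnly"), true))
	$secauditengine = $settings['secauditengine'];
// … unchanged: $mod_proxy heredoc …
```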