From b0e3cc67b5ac508aade428fbbddf1b90df05b696 Mon Sep 17 00:00:00 2001 From: Stephane Lapie Date: Wed, 13 Nov 2013 12:29:45 +0900 Subject: Add XMLRPC sync, vhost location custom settings - Typo: Lots of typo fixes and re-indenting - XMLRPC: Added actual code for XMLRPC (not 100% functional, remote reload fails) - VirtualHost: Added custom settings for Locations (for SSLRequire & such) - Settings: Use interfaces instead of manual input IP address --- config/apache_mod_security-dev/apache.template | 4 +- config/apache_mod_security-dev/apache_balancer.xml | 87 +++++---- .../apache_edit_virtualhost_location.php | 205 +++++++++++++++++++++ .../apache_mod_security-dev/apache_logs_data.php | 2 +- .../apache_mod_security.inc | 192 +++++++++++++++++-- .../apache_mod_security.template | 4 +- .../apache_mod_security_groups.xml | 20 +- .../apache_mod_security_manipulation.xml | 2 +- .../apache_mod_security_sync.xml | 26 ++- .../apache_mod_security_view_logs.php | 2 +- config/apache_mod_security-dev/apache_settings.xml | 20 +- .../apache_mod_security-dev/apache_view_logs.php | 6 +- .../apache_mod_security-dev/apache_virtualhost.xml | 195 ++++++++++---------- 13 files changed, 573 insertions(+), 192 deletions(-) create mode 100644 config/apache_mod_security-dev/apache_edit_virtualhost_location.php (limited to 'config') diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache.template index 12a36b69..ab981a9e 100644 --- a/config/apache_mod_security-dev/apache.template +++ b/config/apache_mod_security-dev/apache.template @@ -6,7 +6,7 @@ } if($mods_settings['enablemodsecurity']=="on") $mod_security_module= "LoadModule security2_module libexec/apache22/mod_security2.so\n"; - + $apache_dir=APACHEDIR; $apache_config = << \ No newline at end of file +?> diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index 16779158..7cb9774b 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -75,7 +75,7 @@ - Virutal Hosts + Virtual Hosts /pkg.php?xml=apache_virtualhost.xml 2 @@ -102,7 +102,7 @@ Description description - + on @@ -136,65 +136,64 @@ proto select - - - - - + + + + + + listtopic - - - - + + additionalparameters - rowhelper + rowhelper on - + - fqdn or ip - host - Internal site IP or Hostnamesite - input - 27 + FQDN or IP Address + host + Internal site IP or Hostnamesite + input + 27 - port - port - Internal site port - input - 5 + port + port + Internal site port + input + 5 - routeid - routeid - id to define stick connections - input - 6 + routeid + routeid + ID to define sticky connections + input + 6 - weight - loadfactor - Server weight - input - 6 + weight + loadfactor + Server weight + input + 4 - ping - ping - Server ping test interval - input - 6 + ping + ping + Server ping test interval + input + 6 - ttl - ttl - Server pint ttl - input - 6 + ttl + ttl + Server ping TTL + input + 6 @@ -203,4 +202,4 @@ apache_mod_security_resync(); - \ No newline at end of file + diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php new file mode 100644 index 00000000..5448f850 --- /dev/null +++ b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php @@ -0,0 +1,205 @@ + + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012 Carlos Cesario + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + +require_once("/etc/inc/util.inc"); +require_once("/etc/inc/functions.inc"); +require_once("/etc/inc/pkg-utils.inc"); +require_once("/etc/inc/globals.inc"); +require_once("guiconfig.inc"); +require_once("apache_mod_security.inc"); + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "Apache reverse proxy: Apache VirtualHost Location"; + +$virtualhost_id = $_GET['virtualhost_id']; +if (isset($_POST['virtualhost_id'])) + $virtualhost_id = $_POST['virtualhost_id']; + +$backend_id = $_GET['backend_id']; +if (isset($_POST['backend_id'])) + $backend_id = $_POST['backend_id']; + +if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id])) + $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]; +if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id])) + $backend = &$virtualhost['row'][$backend_id]; + +/* + * Not having a virtualhost->backend entry means we can't do this. + */ +if (! $backend) { + $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist."); +} + + +if ($_POST) { + unset($input_errors); + + /* + * Check for a valid expirationdate if one is set at all (valid means, + * DateTime puts out a time stamp so any DateTime compatible time + * format may be used. to keep it simple for the enduser, we only + * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs + * like "+1 day", which will be converted to MM/DD/YYYY based on "now". + * Otherwhise such an entry would lead to an invalid expiration data. + */ + if ($_POST['expires']) { + try { + $expdate = new DateTime($_POST['expires']); + //convert from any DateTime compatible date to MM/DD/YYYY + $_POST['expires'] = $expdate->format("m/d/Y"); + } catch ( Exception $ex ) { + $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); + } + } + + /* if this is an AJAX caller then handle via JSON */ + if (isAjax() && is_array($input_errors)) { + input_errors2Ajax($input_errors); + exit; + } + + if (!$input_errors) { + if ($_POST['custom']) + $backend['custom'] = base64_encode($_POST['custom']); + else + unset($backend['custom']); + + write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'"); + apache_mod_security_resync(); + pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}"); + } +} + +include("head.inc"); +?> + + + + + + +

+ + + + + +
+ + + + +
+ +
+ +
+
+ + + + + + + + + + + + + + + + + + + +
Primary Site Hostname + + + +
Current Site Path + + + +
+ +
+ + + +
  + + + + + + + " /> + " onclick="history.back()" /> +
+
+
+
+ + + + + + diff --git a/config/apache_mod_security-dev/apache_logs_data.php b/config/apache_mod_security-dev/apache_logs_data.php index 256ff144..fdcc04b0 100644 --- a/config/apache_mod_security-dev/apache_logs_data.php +++ b/config/apache_mod_security-dev/apache_logs_data.php @@ -92,7 +92,7 @@ if ($_GET) { // Apply filter and color if ($filter != "") $line = preg_replace("@($filter)@i","$1",$line); - $agent_info="onmouseover=\"jQuery('#bowserinfo').empty().html('{$line[13]}');\"\n"; + $agent_info="onmouseover=\"jQuery('#browserinfo').empty().html('{$line[13]}');\"\n"; echo "\n"; echo "{$line[5]}({$line[6]})\n"; echo "{$line[1]}\n"; diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index f21dcbdc..c9ab05e8 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -4,6 +4,7 @@ part of apache_mod_security package (http://www.pfSense.com) Copyright (C) 2009, 2010 Scott Ullrich Copyright (C) 2012-2013 Marcello Coutinho + Copyright (C) 2013 Stephane Lapie All rights reserved. Redistribution and use in source and binary forms, with or without @@ -27,6 +28,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + $shortcut_section = "apache"; // Check to find out on which system the package is running $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); @@ -123,6 +125,7 @@ function apache_mod_security_resync() { global $config, $g; apache_mod_security_install(); $dirs=array("base", "experimental","optional", "slr"); + log_error("apache_mod_security_package: configuration resync is starting."); if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")){ exec ("/usr/local/bin/git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git ".APACHEDIR."/".MODSECURITY_DIR); //chdir (APACHEDIR."/".MODSECURITY_DIR); @@ -136,14 +139,165 @@ function apache_mod_security_resync() { while (false !== ($entry = readdir($handle))) { if (preg_match("/(\S+).conf$/",$entry,$matches)) $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]); - } - closedir($handle); - } } + closedir($handle); + } + } if ($write_config > 0) write_config(); apache_mod_security_checkconfig(); apache_mod_security_restart(); + log_error("apache_mod_security_package: configuration resync is ending."); + + if (is_array($config['installedpackages']['apachesync']['config'])){ + $apache_sync = $config['installedpackages']['apachesync']['config'][0]; + $synconchanges = $apache_sync['synconchanges']; + $synctimeout = $apache_sync['synctimeout']; + switch ($synconchanges){ + case "manual": + if (is_array($apache_sync[row])){ + $rs = $apache_sync[row]; + } else { + log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no hosts to push on apache config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ // pfSense 2.0.x + $system_carp = $config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + } else if (is_array($config['hasync'])) { // pfSense 2.1 + $system_carp = $config['hasync']; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + } else { + log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no system backup hosts to push apache config."); + return; + } + break; + default: + return; + break; + } + } + if (is_array($rs)){ + foreach($rs as $sh){ + $sync_to_ip = $sh['ipaddress']; + $password = $sh['password']; + if ($sh['username']) + $username = $sh['username']; + else + $username = 'admin'; + if ($password && $sync_to_ip) + apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout); + } + } +} + +// Do the actual XMLRPC Sync +function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { + global $config, $g; + + if(!$username) + return; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + + if(!$synctimeout) + $synctimeout=250; + + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['apachesettings'] = $config['installedpackages']['apachesettings']; + $xml['apachemodsecurity'] = $config['installedpackages']['apachemodsecurity']; + $xml['apachemodsecuritysettings'] = $config['installedpackages']['apachemodsecuritysettings']; + $xml['apachebalancer'] = $config['installedpackages']['apachebalancer']; + $xml['apachevirtualhost'] = $config['installedpackages']['apachevirtualhost']; + $xml['apachelisten'] = $config['installedpackages']['apachelisten']; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("apache_mod_security_package: Beginning apache_mod_security XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after defined sync timeout value*/ + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } else { + log_error("apache_mod_security_package: XMLRPC sync successfully completed with {$url}:{$port}."); + } + + /* tell apache_mod_security to reload our settings on the destination sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/apache_mod_security.inc');\n"; + $execcmd .= "apache_mod_security_resync();"; + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("apache_mod_security_package: XMLRPC reload data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); + } else { + log_error("apache_mod_security XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + } + + } function apache_mod_security_checkconfig() { @@ -197,7 +351,9 @@ function generate_apache_configuration() { file_notice("apache_mod_security", $error, "apache_mod_security", ""); } // Set global listening directive and ensure nothing is listening on this port already - $globalbind_ip = ($settings['globalbindtoipaddr'] ? $settings['globalbindtoipaddr'] : "*"); + $iface_address = apache_get_real_interface_address($settings['globalbindtoipaddr']); + $ip=$iface_address[0]; + $globalbind_ip = ($ip ? $ip : "*"); $globalbind_port = $settings['globalbindtoport']; if ($globalbind_port == ""){ $globalbind_port ="80"; @@ -311,6 +467,7 @@ function generate_apache_configuration() { //write balancer conf file_put_contents(APACHEDIR."/etc/apache22/Includes/balancers.conf",$balancer_config,LOCK_EX); } + // configure modsecurity group options //chroot apache http://forums.freebsd.org/showthread.php?t=6858 if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ @@ -327,31 +484,32 @@ function generate_apache_configuration() { } } file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX); - + foreach (split(",",$mods_groups['baserules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['optionalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['slrrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n"; - } + } foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; - } - $i++; } + $i++; + } if ($write_config > 0) write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}"); } //print "
";
 	//var_dump($mods_group);
-	
+
 	//mod_security settings
 	if (is_array($config['installedpackages']['apachemodsecuritysettings'])){
 		$mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0];
 	}
+		
 	//configure virtual hosts
 	$namevirtualhosts=array();
 	$namevirtualhosts[0]=$global_listen;
@@ -376,7 +534,7 @@ EOF;
 				$port=($virtualhost['port'] ? $virtualhost['port'] : $default_port[$virtualhost['proto']]);
 				if (!in_array("{$ip}:{$port}",$namevirtualhosts))
 					$namevirtualhosts[]="{$ip}:{$port}";
-				
+
 				$vh_config.="# {$virtualhost['description']}\n";
 				$vh_config.="\n";
 				$vh_config.=" ServerName ". preg_replace ("/\r\n(\S+)/","\n ServerAlias $1",base64_decode($virtualhost['primarysitehostname'])) ."\n";
@@ -441,6 +599,7 @@ EOF;
 								}
 							}
 						}
+					$vh_config.= apache_textarea_decode($backend['custom'])."\n\n";
 					$vh_config.=" \n\n";
 					}
 				$vh_config.="\n";
@@ -469,7 +628,6 @@ EOF;
 			}
 	}
 	
-
 	if ($mods_settings!="")
 		$SecGuardianLog="SecGuardianLog \"|".RULES_DIRECTORY."/util/httpd-guardian\"";
 	
@@ -525,7 +683,7 @@ EOF;
 	// Read already configured addresses
 	if (is_array($settings['row'])){
 		foreach($settings['row'] as $row) {
-			if ($row['ipaddress'] && $row['ipport'])
+			if ($row['interface'] && $row['ipport'])
 				$configuredaliases[] = $row; 
 		}
 	}
@@ -544,8 +702,8 @@ EOF;
 			// Automatically add this to configuration
 			$aplisten=split(":",$namevirtualhost);
 			$config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]);
-			}
 		}
+	}
 	// Process Status Page 
 	$mod_status = "";
 	if ($settings['statuspage'] == "on") {
@@ -554,12 +712,12 @@ EOF;
 	SetHandler server-status
 	Order Deny,Allow
 	Deny from all
-	
+
 EOF;
 		$mod_status .= "Allow from ".($settings['netaccessstatus'] ? $settings['netaccessstatus'] : "All")."\n";
 		$mod_status .= "\n";
 	}
-	
+
 	// update configuration with actual ip bindings
 	write_config($pkg['addedit_string']);
 
diff --git a/config/apache_mod_security-dev/apache_mod_security.template b/config/apache_mod_security-dev/apache_mod_security.template
index f6ad6e3e..d004a9ae 100644
--- a/config/apache_mod_security-dev/apache_mod_security.template
+++ b/config/apache_mod_security-dev/apache_mod_security.template
@@ -1,6 +1,6 @@
 2
 		
 	
-		
+	
 		on
 		
 			Name
@@ -87,7 +87,7 @@
 			Description
 			description
 		
-		
+
 	
 	
 		
@@ -109,7 +109,7 @@
 			input
 			45
 		
-		
+
 		
 			Base Rules
 			baserules
@@ -202,8 +202,8 @@
 			modsecurity_crs_10_setup.conf file.
Leave empty to load setup defaults.]]>
textarea base64 - 15 - 90 + 15 + 90
Custom mod_security ErrorDocument @@ -217,8 +217,8 @@ Custom mod_security ErrorDocument. textarea base64 - 10 - 90 + 10 + 90 Custom mod_security rules @@ -232,12 +232,12 @@ Paste any custom mod_security rules that you would like to use textarea base64 - 10 - 90 + 10 + 90
apache_mod_security_resync(); /usr/local/pkg/apache_mod_security.inc - \ No newline at end of file + diff --git a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml index ab681c66..7477e540 100644 --- a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml +++ b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml @@ -142,4 +142,4 @@ apache_mod_security_resync(); /usr/local/pkg/apache_mod_security.inc - \ No newline at end of file + diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml index 0d8d8c8f..3e1c0a9c 100755 --- a/config/apache_mod_security-dev/apache_mod_security_sync.xml +++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml @@ -68,8 +68,30 @@ Automatically sync apache configuration changes synconchanges - Automatically sync apache changes to the hosts defined below. - checkbox + Select a sync method for Apache + ModSecurity. + select + + auto + + + + + + + + Sync timeout + synctimeout + Select sync max wait time + select + + 250 + + + + + + + Remote Server diff --git a/config/apache_mod_security-dev/apache_mod_security_view_logs.php b/config/apache_mod_security-dev/apache_mod_security_view_logs.php index 1956a217..669c71f4 100755 --- a/config/apache_mod_security-dev/apache_mod_security_view_logs.php +++ b/config/apache_mod_security-dev/apache_mod_security_view_logs.php @@ -68,7 +68,7 @@ include("head.inc"); 2 - Virutal Hosts + Virtual Hosts /pkg.php?xml=apache_virtualhost.xml 2 @@ -93,7 +93,7 @@ Server hostname hostname - + input @@ -102,17 +102,19 @@ Default Bind to IP Address globalbindtoipaddr - - NOTE: Leave blank to bind to *]]> + - input + interfaces_selection + + + Default Bind to port globalbindtoport - NOTE: Leave blank to bind to 80]]> + NOTE: Leave blank to bind to 80]]> input 5 @@ -281,9 +283,9 @@ Status Page statuspage - + - select + select @@ -293,7 +295,7 @@ Network Access Status Page netaccessstatus - + input diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php index 77c14176..494f37cd 100644 --- a/config/apache_mod_security-dev/apache_view_logs.php +++ b/config/apache_mod_security-dev/apache_view_logs.php @@ -42,7 +42,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; -$pgtitle = "Status: Apache Vhosts Logs"; +$pgtitle = "Status: Apache VirtualHost Logs"; include("head.inc"); ?> @@ -171,8 +171,8 @@ function showLog(content,url,logtype) -
- +
+
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index b3653bdf..53478721 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -4,40 +4,41 @@ + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - /* ========================================================================== */ - ]]> + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]> apachevirtualhost 1.0 @@ -143,7 +144,7 @@ 2 - Virutal Hosts + Virtual Hosts /pkg.php?xml=apache_virtualhost.xml 2 @@ -201,17 +202,14 @@ Select protocols that this virtual host will accept connections select - - + + Server Name(s) primarysitehostname - - - Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]> - + Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]> 40 2 textarea @@ -238,27 +236,21 @@ Site Webmaster E-Mail address siteemail 50 - - - + input Site description description 50 - - - + input HTTPS SSL certificate ssl_cert Choose the SSL Server Certificate here. - select_source + select_source descr refid @@ -283,62 +275,62 @@ locations - rowhelper - + rowhelper + on - + - - compress - Compress data to save bandwidth? + + compress + Compress data to save bandwidth? select - - + + - - sitepath - leave blank to use /]]> - input - 12 + + sitepath + leave blank to use /]]> + input + 12 - balancer - Server balancer / pool + balancer + Server balancer / pool name name none select_source - 5 + 5 - LbMethod]]> - lbmethod - Server balance method - select - - - - + LB Method]]> + lbmethod + Server balance method + select + + + + - Backend path - backendpath - Leave blank to use /]]> - input - 12 + Backend Path + backendpath + Leave blank to use /]]> + input + 12 modsecgroup - Choose Modsecurity group to use on this virtual host. - select_source + Choose ModSecurity group to use on this virtual host. + select_source name name @@ -348,20 +340,29 @@ modsecmanipulation Choose Modsecurity group to use on this virtual host. - select_source + select_source name name none -   Balancer options]]> - options - ex: ttl=60 stickysession='JSESSIONID']]> - input - 11 +   Balancer options]]> + options + ex: ttl=60 stickysession='JSESSIONID']]> + input + 11 - + + Location Custom Settings + custom + + textarea + 65 + 10 + base64 + + Logging @@ -370,25 +371,19 @@ Preserve Proxy hostname preserveproxyhostname - - - + checkbox Log file logfile - - - + select - - - - - + + + + + Custom Options @@ -397,7 +392,7 @@ Custom Options custom - Paste extra apache config for this virtualhost. This is usefull for rewrite rules for example. + Pass extra Apache config for this VirtualHost. This is useful for Rewrite rules for example. textarea 90 10 @@ -415,4 +410,4 @@ apache_mod_security_resync(); /usr/local/pkg/apache_mod_security.inc - \ No newline at end of file + -- cgit v1.2.3