From ecd23b84d355e7f05d2d14b1b7747b08ca02da03 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Thu, 14 Nov 2013 02:28:17 -0200 Subject: apache-modsecurity-dev - add a location tab to apache menus to fix custom location options display move modsecurity crs_10_setup to module option tab Backup your location config before updating form 0.2.x to 0.3 package version --- config/apache_mod_security-dev/apache_balancer.xml | 5 + .../apache_edit_virtualhost_location.php | 205 ------------------ config/apache_mod_security-dev/apache_location.xml | 237 +++++++++++++++++++++ .../apache_mod_security.inc | 38 ++-- .../apache_mod_security_groups.xml | 30 --- .../apache_mod_security_settings.xml | 30 +++ .../apache_mod_security_sync.xml | 8 +- config/apache_mod_security-dev/apache_settings.xml | 7 + .../apache_mod_security-dev/apache_view_logs.php | 1 + .../apache_mod_security-dev/apache_virtualhost.xml | 97 ++------- 10 files changed, 316 insertions(+), 342 deletions(-) delete mode 100644 config/apache_mod_security-dev/apache_edit_virtualhost_location.php create mode 100644 config/apache_mod_security-dev/apache_location.xml (limited to 'config') diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml index 7cb9774b..015da143 100755 --- a/config/apache_mod_security-dev/apache_balancer.xml +++ b/config/apache_mod_security-dev/apache_balancer.xml @@ -74,6 +74,11 @@ 2 + + Location(s) + /pkg.php?xml=apache_location.xml + 2 + Virtual Hosts /pkg.php?xml=apache_virtualhost.xml diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php deleted file mode 100644 index 5448f850..00000000 --- a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php +++ /dev/null 
@@ -1,205 +0,0 @@ - - Copyright (C) 2012 Marcello Coutinho - Copyright (C) 2012 Carlos Cesario - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- */ -/* ========================================================================== */ - -require_once("/etc/inc/util.inc"); -require_once("/etc/inc/functions.inc"); -require_once("/etc/inc/pkg-utils.inc"); -require_once("/etc/inc/globals.inc"); -require_once("guiconfig.inc"); -require_once("apache_mod_security.inc"); - -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) - $one_two = true; - -$pgtitle = "Apache reverse proxy: Apache VirtualHost Location"; - -$virtualhost_id = $_GET['virtualhost_id']; -if (isset($_POST['virtualhost_id'])) - $virtualhost_id = $_POST['virtualhost_id']; - -$backend_id = $_GET['backend_id']; -if (isset($_POST['backend_id'])) - $backend_id = $_POST['backend_id']; - -if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id])) - $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]; -if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id])) - $backend = &$virtualhost['row'][$backend_id]; - -/* - * Not having a virtualhost->backend entry means we can't do this. - */ -if (! $backend) { - $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist."); -} - - -if ($_POST) { - unset($input_errors); - - /* - * Check for a valid expirationdate if one is set at all (valid means, - * DateTime puts out a time stamp so any DateTime compatible time - * format may be used. to keep it simple for the enduser, we only - * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs - * like "+1 day", which will be converted to MM/DD/YYYY based on "now". - * Otherwhise such an entry would lead to an invalid expiration data. 
- */ - if ($_POST['expires']) { - try { - $expdate = new DateTime($_POST['expires']); - //convert from any DateTime compatible date to MM/DD/YYYY - $_POST['expires'] = $expdate->format("m/d/Y"); - } catch ( Exception $ex ) { - $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); - } - } - - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } - - if (!$input_errors) { - if ($_POST['custom']) - $backend['custom'] = base64_encode($_POST['custom']); - else - unset($backend['custom']); - - write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'"); - apache_mod_security_resync(); - pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}"); - } -} - -include("head.inc"); -?> - - - - - - -

- - - - - -
- - - - -
- -
- -
-
- - - - - - - - - - - - - - - - - - - -
Primary Site Hostname - - - -
Current Site Path - - - -
- -
- - - -
  - - - - - - - " /> - " onclick="history.back()" /> -
-
-
-
- - - - - - diff --git a/config/apache_mod_security-dev/apache_location.xml b/config/apache_mod_security-dev/apache_location.xml new file mode 100644 index 00000000..315cca4c --- /dev/null +++ b/config/apache_mod_security-dev/apache_location.xml 
@@ -0,0 +1,237 @@ + + + + + + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ +/* ========================================================================== */ +]]> + + apachelocation + 1.0 + Apache reverse proxy: Locations + + + + Apache + /pkg_edit.php?xml=apache_settings.xml&id=0 + + + + ModSecurity + /pkg_edit.php?xml=apache_mod_security_settings.xml + + + Sync + /pkg_edit.php?xml=apache_mod_security_sync.xml + + + Daemon Options + /pkg_edit.php?xml=apache_settings.xml + 2 + + + Backends / Balancers + /pkg.php?xml=apache_balancer.xml + 2 + + + Location(s) + /pkg.php?xml=apache_location.xml + + 2 + + + Virtual Hosts + /pkg.php?xml=apache_virtualhost.xml + 2 + + + Logs + /apache_view_logs.php + 2 + + + + on + + Identifier + name + + + Compress + compress + + + Site Path + sitepath + / + + + Balancer + balancer + + + lbmethod + lbmethod + + + Backendpath + backendpath + / + + + Modsecurity + modsecgroup + None + + + Rule Manipulation + modsecmanipulation + None + + + + + Location Settings + listtopic + + + + name + + input + + 20 + + + + compress + Compress data to save bandwidth? + select + + + + + + + + sitepath + leave blank to use /]]> + input + 30 + + + + balancer + Server balancer / pool + + name + name + none + select_source + 5 + + + LB Method]]> + lbmethod + Server balance method + select + + + + + + + + Backend Path + backendpath + Leave blank to use /]]> + input + 30 + + + + modsecgroup + Choose ModSecurity group to use on this virtual host. + select_source + + name + name + none + + + + modsecmanipulation + Choose Modsecurity group to use on this virtual host. + select_source + + name + name + none + + +   Balancer options]]> + options + ex: ttl=60 stickysession='JSESSIONID']]> + input + 30 + + + Custom Location Options + listtopic + + + Custom Options + custom + + textarea + 90 + 10 + base64 + + + + + + apache_mod_security + apache_mod_security.sh + httpd + + + apache_mod_security_resync(); + + /usr/local/pkg/apache_mod_security.inc + 
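Review bot: The description of the new `modsecmanipulation` field is a copy of the `modsecgroup` one ("Choose Modsecurity group to use on this virtual host."), so the form does not say what "Rule Manipulation" selects. Both texts also still say "virtual host", although this form now configures a location that several virtual hosts can reference. I would reword them, for example `Choose the ModSecurity group to apply to this location.` and `Choose the ModSecurity rule manipulation set to apply to this location.`. The element names are not visible in this rendering, so confirm which description tags these strings belong to before editing.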
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 1129af6d..c58210dc 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -211,7 +211,7 @@ function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $ return; if(!$synctimeout) - $synctimeout=250; + $synctimeout=25; $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { @@ -472,19 +472,8 @@ function generate_apache_configuration() { //chroot apache http://forums.freebsd.org/showthread.php?t=6858 if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ unset($mods_group); - $i=0; - $write_config=0; foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){ //RULES_DIRECTORY - $mods_group[$mods_groups['name']]="Include ".RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf\n"; - if ($mods_groups['crs10']==""){ - if (file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){ - $config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')); - $write_config++; - } - } - file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX); - foreach (split(",",$mods_groups['baserules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; } 
@@ -497,10 +486,7 @@ function generate_apache_configuration() { foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; } - $i++; } - if ($write_config > 0) - write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}"); } //print "
";
 	//var_dump($mods_group);
@@ -508,8 +494,20 @@ function generate_apache_configuration() {
 	//mod_security settings
 	if (is_array($config['installedpackages']['apachemodsecuritysettings'])){
 		$mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0];
-	}
-		
+	
+		if ($mods_settings['crs10']=="" && file_exists(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example')){
+			$config['installedpackages']['apachemodsecuritysettings']['config'][0]['crs10']=base64_encode(file_get_contents(RULES_DIRECTORY .'/modsecurity_crs_10_setup.conf.example'));
+			write_config("modsecurity - Load crs 10 default setup file.");
+			}
+			
+		$cr10_setup="Include ".RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf\n";
+		file_put_contents(RULES_DIRECTORY ."/modsecurity_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][0]['crs10']),LOCK_EX);
+		}
+	// create location(s) array
+	if (is_array($config['installedpackages']['apachelocation'])){
+		foreach ($config['installedpackages']['apachelocation']['config'] as $location)
+			$apache_location[$location['name']]=$location;
+		}
 	//configure virtual hosts
 	$namevirtualhosts=array();
 	$namevirtualhosts[0]=$global_listen;
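Review bot: The added `file_put_contents()` for modsecurity_crs_10_setup.conf still decodes `$config['installedpackages']['apachemodsecuritygroups']['config'][0]['crs10']`, while the default is loaded into `apachemodsecuritysettings` two lines above and the same commit moves the crs10 field off the groups form. As written, the file is filled from the first group's old value, or left empty when there is none, so the CRS setup edited on the settings tab would never reach Apache. The argument should read `apache_textarea_decode($config['installedpackages']['apachemodsecuritysettings']['config'][0]['crs10'])`. The return value of `file_put_contents()` is also ignored, so a failed write of this file goes unnoticed; logging a `=== false` result would make that visible. `generate_apache_configuration()` continues outside the hunk, so where `$cr10_setup` is consumed cannot be checked from here.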
@@ -581,8 +579,9 @@ EOF;
 				$vh_config.= apache_textarea_decode($virtualhost['custom'])."\n\n";
 
 				#Check virtualhost locations
-				foreach ($virtualhost['row'] as $backend){
-					if ($backend['balancer'] != "none"){
+				foreach ($virtualhost['row'] as $be){
+					if ($be['location'] != "none"){
+						$backend=$apache_location[$be['location']];
 						$vh_config.=" \n";
 						$vh_config.="  ProxyPass        balancer://{$backend['balancer']}{$backend['backendpath']}\n";
 						$vh_config.="  ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n";
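Review bot: `$backend=$apache_location[$be['location']];` is used without checking that the named location still exists, and `$apache_location` is only built when `apachelocation` is an array. A virtual host row that references a renamed or deleted location would therefore emit `ProxyPass balancer://` lines with empty balancer and path values. Guarding the branch with `if ($be['location'] != "none" && is_array($apache_location[$be['location']])){` keeps stale references out of the generated config. The previous test on `$backend['balancer'] != "none"` is dropped as well, so a location whose balancer is "none" would presumably now produce `balancer://none`; that check could be kept inside the branch. The loop body continues past the end of the hunk.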
@@ -713,7 +712,6 @@ EOF;
 			$extendedstatus="ExtendedStatus On";
 		}
 		$mod_status .= <<
 	SetHandler server-status
diff --git a/config/apache_mod_security-dev/apache_mod_security_groups.xml b/config/apache_mod_security-dev/apache_mod_security_groups.xml
index c4651f45..4775fb3c 100644
--- a/config/apache_mod_security-dev/apache_mod_security_groups.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_groups.xml
@@ -190,36 +190,6 @@
 			    
 			
 		
-		
-			mod_security crs 10 setup
-			listtopic
-		
-		
-			mod_security crs 10 setup
-			crs10
-			
-			
-			modsecurity_crs_10_setup.conf file.
Leave empty to load setup defaults.]]>
- textarea - base64 - 15 - 90 -
- - Custom mod_security ErrorDocument - listtopic - - - Custom mod_security ErrorDocument - errordocument - - - Custom mod_security ErrorDocument. - textarea - base64 - 10 - 90 - Custom mod_security rules listtopic diff --git a/config/apache_mod_security-dev/apache_mod_security_settings.xml b/config/apache_mod_security-dev/apache_mod_security_settings.xml index 68581687..bbc7da4a 100644 --- a/config/apache_mod_security-dev/apache_mod_security_settings.xml +++ b/config/apache_mod_security-dev/apache_mod_security_settings.xml @@ -122,6 +122,36 @@ input 10 + + mod_security crs 10 setup + listtopic + + + mod_security crs 10 setup + crs10 + + + modsecurity_crs_10_setup.conf file.
Leave empty to load setup defaults.]]>
+ textarea + base64 + 15 + 90 +
+ + Custom mod_security ErrorDocument + listtopic + + + Custom mod_security ErrorDocument + errordocument + + + Custom mod_security ErrorDocument. + textarea + base64 + 10 + 90 + Modsecurity addons listtopic diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml index 3e1c0a9c..7ecfb68e 100755 --- a/config/apache_mod_security-dev/apache_mod_security_sync.xml +++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml @@ -86,11 +86,11 @@ 250 - - - + - + + + diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml index 14415362..1dd4bc78 100644 --- a/config/apache_mod_security-dev/apache_settings.xml +++ b/config/apache_mod_security-dev/apache_settings.xml @@ -67,6 +67,11 @@ /pkg.php?xml=apache_balancer.xml 2 + + Location(s) + /pkg.php?xml=apache_location.xml + 2 + Virtual Hosts /pkg.php?xml=apache_virtualhost.xml @@ -88,6 +93,7 @@ globalsiteadminemail Enter the site administrators e-mail address input + 25 Server hostname @@ -97,6 +103,7 @@ NOTE: Leave blank to use this devices hostname.]]> input + 25 Default Bind to IP Address diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php index 494f37cd..10bb1db6 100644 --- a/config/apache_mod_security-dev/apache_view_logs.php +++ b/config/apache_mod_security-dev/apache_view_logs.php 
@@ -106,6 +106,7 @@ function showLog(content,url,logtype) unset ($tab_array); $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml"); $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml"); + $tab_array[] = array(gettext("Location(s)"), false, "/pkg.php?xml=apache_location.xml"); $tab_array[] = array(gettext("Virtual Hosts"), false, "/pkg.php?xml=apache_virtualhost.xml"); $tab_array[] = array(gettext("Logs"), true, "/apache_view_logs.php"); display_top_tabs($tab_array); diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 53478721..c2c4837b 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -119,6 +119,11 @@ 0755 http://www.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc + + /usr/local/pkg/ + 0755 + http://www.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml + Apache @@ -143,6 +148,11 @@ /pkg.php?xml=apache_balancer.xml 2 + + Location(s) + /pkg.php?xml=apache_location.xml + 2 + Virtual Hosts /pkg.php?xml=apache_virtualhost.xml 
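Review bot: The added additional-file entry in apache_virtualhost.xml installs apache_location.xml into /usr/local/pkg/ from a plain `http://www.pfsense.org/...` URL with mode 0755. Over plain HTTP a tampered copy would be installed unnoticed, and the new file carries a custom command (`apache_mod_security_resync();`) and an include path, so its content should be integrity-protected in transit. This follows the pattern of the existing pkg_apache.inc entry shown as context, so it may be a package-system constraint. If the package host serves the same path over HTTPS, I would switch the URL scheme, and I would use 0644 since an XML definition does not need the execute bit.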
@@ -266,101 +276,22 @@ refid none - - - listtopic - locations rowhelper - - - on - - compress - Compress data to save bandwidth? - select - - - - - - - - sitepath - leave blank to use /]]> - input - 12 - - - - balancer - Server balancer / pool - - name - name - none - select_source - 5 - - - LB Method]]> - lbmethod - Server balance method - select - - - - - - - - Backend Path - backendpath - Leave blank to use /]]> - input - 12 - - - - modsecgroup - Choose ModSecurity group to use on this virtual host. - select_source - + + Location + Server locatino + name name none - - - - modsecmanipulation - Choose Modsecurity group to use on this virtual host. select_source - - name - name - none - - -   Balancer options]]> - options - ex: ttl=60 stickysession='JSESSIONID']]> - input - 11 - - - Location Custom Settings - custom - - textarea - 65 - 10 - base64 -- cgit v1.2.3
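Review bot: The description of the new Location selector reads "Server locatino", which will show up verbatim in the virtual host form; it should be `Server location`. The field keeps `none` as its selectable default, which matches the `!= "none"` test in apache_mod_security.inc. It would help to say in the description that the entries come from the Location(s) tab, since the per-row site path, balancer and ModSecurity fields are removed here.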