Diffstat (limited to 'net-www/mod_security')
-rw-r--r--net-www/mod_security/ChangeLog10
-rw-r--r--net-www/mod_security/Manifest9
-rw-r--r--net-www/mod_security/files/1.8.6/99_mod_security.conf123
-rw-r--r--net-www/mod_security/files/digest-mod_security-1.8.61
-rw-r--r--net-www/mod_security/metadata.xml6
-rw-r--r--net-www/mod_security/mod_security-1.7.6.ebuild4
-rw-r--r--net-www/mod_security/mod_security-1.8.6.ebuild29
7 files changed, 172 insertions, 10 deletions
diff --git a/net-www/mod_security/ChangeLog b/net-www/mod_security/ChangeLog
index 16374930e446..e19a82855b00 100644
--- a/net-www/mod_security/ChangeLog
+++ b/net-www/mod_security/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-www/mod_security
-# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/ChangeLog,v 1.6 2004/10/19 03:10:11 weeve Exp $
+# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/ChangeLog,v 1.7 2005/01/09 00:17:26 hollow Exp $
+
+*mod_security-1.8.6 (09 Jan 2005)
+
+ 09 Jan 2005; Benedikt Boehm <hollow@gentoo.org> metadata.xml,
+ +files/1.8.6/99_mod_security.conf, +mod_security-1.8.6.ebuild:
+ Apache herd package refresh
18 Oct 2004; Jason Wever <weeve@gentoo.org> mod_security-1.7.6.ebuild:
Added ~sparc keyword wrt bug #66615.
diff --git a/net-www/mod_security/Manifest b/net-www/mod_security/Manifest
index 3a2c13289b1e..0c243f351c0f 100644
--- a/net-www/mod_security/Manifest
+++ b/net-www/mod_security/Manifest
@@ -1,6 +1,9 @@
-MD5 487f62726d2993c47abc4e8da0b30069 ChangeLog 907
-MD5 5b6dd438f81019e56fa641841c0c13fe metadata.xml 501
-MD5 443586118ca1af5e7c70e0d4a96db1c6 mod_security-1.7.6.ebuild 1320
+MD5 8e0a82240a311d0edae1c3d5572671d7 ChangeLog 1102
+MD5 0d18f0fe5d603b41b988373892caf195 metadata.xml 226
+MD5 ff5b5f08fd4a754cd2a5de4264692dcb mod_security-1.7.6.ebuild 1320
+MD5 a86ebb07ef7e06c4ac4c7f15a5ceac37 mod_security-1.8.6.ebuild 951
MD5 4ff2b278a8aaff992f04347e4fda401b files/99_mod_security.conf 3671
MD5 93b283b1aef242964a12edd89989d103 files/digest-mod_security-1.7.6 70
MD5 854e24ef0e50b53915629f226e76b43c files/mod_security.conf 3399
+MD5 acba071671480e82391bcf1022f3838a files/digest-mod_security-1.8.6 70
+MD5 99189490f6840a16c1e14874719592cf files/1.8.6/99_mod_security.conf 3666
diff --git a/net-www/mod_security/files/1.8.6/99_mod_security.conf b/net-www/mod_security/files/1.8.6/99_mod_security.conf
new file mode 100644
index 000000000000..1269365021b4
--- /dev/null
+++ b/net-www/mod_security/files/1.8.6/99_mod_security.conf
@@ -0,0 +1,123 @@
+<IfDefine SECURITY>
+ <IfModule !mod_security.c>
+ LoadModule security_module modules/mod_security.so
+ </IfModule>
+</IfDefine>
+
+# Examples below are taken from the online documentation
+# Refer to:
+# http://www.modsecurity.org/documentation/quick-examples.html
+
+<IfModule mod_security.c>
+
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 32 126
+
+ # The audit engine works independently and
+ # can be turned On of Off on the per-server or
+ # on the per-directory basis. "On" will log everything,
+ # "DynamicOrRelevant" will log dynamic requests or violations,
+ # and "RelevantOnly" will only log policy violations
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # Action to take by default
+ SecFilterDefaultAction "deny,log,status:500"
+
+ # Redirect user on filter match
+ SecFilter xxx redirect:http://www.webkreator.com
+
+ # Execute the external script on filter match
+ SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl
+
+ # Simple filter
+ SecFilter 111
+
+ # Only check the QUERY_STRING variable
+ SecFilterSelective QUERY_STRING 222
+
+ # Only check the body of the POST request
+ SecFilterSelective POST_PAYLOAD 333
+
+ # Only check arguments (will work for GET and POST)
+ SecFilterSelective ARGS 444
+
+ # Test filter
+ SecFilter "/cgi-bin/modsec-test.pl/keyword"
+
+ # Another test filter, will be denied with 404 but not logged
+ # action supplied as a parameter overrides the default action
+ SecFilter 999 "deny,nolog,status:500"
+
+ # Prevent OS specific keywords
+ SecFilter /etc/passwd
+
+ # Prevent path traversal (..) attacks
+ SecFilter "\.\./"
+
+ # Weaker XSS protection but allows common HTML tags
+ SecFilter "<[[:space:]]*script"
+
+ # Prevent XSS atacks (HTML/Javascript injection)
+ SecFilter "<(.|\n)+>"
+
+ # Very crude filters to prevent SQL injection attacks
+ SecFilter "delete[[:space:]]+from"
+ SecFilter "insert[[:space:]]+into"
+ SecFilter "select.+from"
+
+ # Require HTTP_USER_AGENT and HTTP_HOST headers
+ SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+ # Forbid file upload
+ SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
+
+ # Only watch argument p1
+ SecFilterSelective "ARG_p1" 555
+
+ # Watch all arguments except p1
+ SecFilterSelective "ARGS|!ARG_p2" 666
+
+ # Only allow our own test utility to send requests (or Mozilla)
+ SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
+
+ # Do not allow variables with this name
+ SecFilterSelective ARGS_NAMES 777
+
+ # Do now allow this variable value (names are ok)
+ SecFilterSelective ARGS_VALUES 888
+
+ # Test for a POST variable parsing bug, see test #41
+ SecFilterSelective ARG_p2 AAA
+
+ # Stop spamming through FormMail
+ # note the exclamation mark at the beginning
+ # of the filter - only requests that match this regex will
+ # be allowed
+ <Location /cgi-bin/FormMail>
+ SecFilterSelective "ARG_recipient" "!@webkreator.com$"
+ </Location>
+
+ # when allowing upload, only allow images
+ # note that this is not foolproof, a determined attacker
+ # could get around this
+ <Location /fileupload.php>
+ SecFilterInheritance Off
+ SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
+ </Location>
+
+</IfModule>
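Review bot: The upstream quick-example rules are installed live rather than commented out. With `SecFilterEngine On` and `SecFilterDefaultAction "deny,log,status:500"`, loading the module rejects every request whose User-Agent does not match `(mod_security|mozilla)`, every `multipart/form-data` upload, and any request containing test strings such as `111`. Two rules also reach outside the host's own policy: `SecFilter xxx redirect:http://www.webkreator.com` sends clients to a third-party site, and `SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl` asks Apache to run a script under another user's home directory, which is a risk if that path can ever be created by a local user. I would ship the file with `SecFilterEngine Off` and the sample filters commented out, keeping active only the generic checks (`SecFilterCheckURLEncoding On`, `SecFilterScanPOST On`, `SecAuditEngine RelevantOnly`). Two comments also disagree with their rules and should be corrected: "denied with 404" sits above `status:500`, and "except p1" sits above `ARGS|!ARG_p2`.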
diff --git a/net-www/mod_security/files/digest-mod_security-1.8.6 b/net-www/mod_security/files/digest-mod_security-1.8.6
new file mode 100644
index 000000000000..74043f2eee27
--- /dev/null
+++ b/net-www/mod_security/files/digest-mod_security-1.8.6
@@ -0,0 +1 @@
+MD5 f6bf4724dd0db3d37586b64bc0ee160d mod_security-1.8.6.tar.gz 355105
diff --git a/net-www/mod_security/metadata.xml b/net-www/mod_security/metadata.xml
index bcaabdbbd0d3..10510cb8be95 100644
--- a/net-www/mod_security/metadata.xml
+++ b/net-www/mod_security/metadata.xml
@@ -2,7 +2,7 @@
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>apache</herd>
-<longdescription>
-The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
-</longdescription>
+<maintainer>
+ <email>apache-devs@gentoo.org</email>
+</maintainer>
</pkgmetadata>
diff --git a/net-www/mod_security/mod_security-1.7.6.ebuild b/net-www/mod_security/mod_security-1.7.6.ebuild
index 635fe62f35e0..76d3259fee41 100644
--- a/net-www/mod_security/mod_security-1.7.6.ebuild
+++ b/net-www/mod_security/mod_security-1.7.6.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/mod_security-1.7.6.ebuild,v 1.6 2004/10/19 03:10:11 weeve Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/mod_security-1.7.6.ebuild,v 1.7 2005/01/09 00:17:26 hollow Exp $
DESCRIPTION="Intrusion Detection System for apache"
HOMEPAGE="http://www.modsecurity.org"
diff --git a/net-www/mod_security/mod_security-1.8.6.ebuild b/net-www/mod_security/mod_security-1.8.6.ebuild
new file mode 100644
index 000000000000..5f24d9802166
--- /dev/null
+++ b/net-www/mod_security/mod_security-1.8.6.ebuild
@@ -0,0 +1,29 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/mod_security-1.8.6.ebuild,v 1.1 2005/01/09 00:17:26 hollow Exp $
+
+inherit eutils apache-module
+
+DESCRIPTION="Intrusion Detection System for apache"
+HOMEPAGE="http://www.modsecurity.org"
+SRC_URI="http://www.modsecurity.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc"
+IUSE="doc"
+
+APXS1_ARGS="-S LIBEXECDIR=${S} -c ${S}/apache1/mod_security.c"
+APACHE1_MOD_FILE="apache1/${PN}.so"
+APACHE1_MOD_CONF="${PVR}/99_mod_security"
+APACHE1_MOD_DEFINE="SECURITY"
+
+APXS2_ARGS="-S LIBEXECDIR=${S} -c ${S}/apache2/mod_security.c"
+APACHE2_MOD_FILE="apache2/.libs/${PN}.so"
+APACHE2_MOD_CONF="${PVR}/99_mod_security"
+APACHE2_MOD_DEFINE="SECURITY"
+
+DOCFILES="CHANGES httpd.conf.* INSTALL LICENSE README"
+useq doc && DOCFILES="${DOCFILES} modsecurity-manual.pdf"
+
+need_apache
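Review bot: `SRC_URI` fetches the tarball over plain `http://`, and the only integrity check visible in this commit is the MD5 entry in `files/digest-mod_security-1.8.6`, which is thin protection for code that runs inside the web server. If upstream publishes a signature or a stronger checksum, verify the tarball against it on each bump and record that above `SRC_URI`, e.g. `# tarball checked against upstream signature at bump time`. Separately, `APACHE1_MOD_CONF` and `APACHE2_MOD_CONF` are built from `${PVR}`, so a later `-rN` revision would presumably look under `files/1.8.6-rN/` instead of `files/1.8.6/`. Confirm that is intended, or use `${PV}` if the config is meant to be shared across revisions.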