rpms/mod_security/devel mod_security.conf, NONE, 1.1 mod_security.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

Michael G. Fleming (mfleming) fedora-extras-commits at redhat.com
Thu May 19 01:39:20 UTC 2005


Author: mfleming

Update of /cvs/extras/rpms/mod_security/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18332/devel

Modified Files:
	.cvsignore sources 
Added Files:
	mod_security.conf mod_security.spec 
Log Message:
auto-import mod_security-1.8.7-1 on branch devel from mod_security-1.8.7-1.src.rpm


--- NEW FILE mod_security.conf ---
# Example configuration file for the mod_security Apache module
# This is a minimal setup. You should add some extra entries here.

LoadModule security_module modules/mod_security.so

<IfModule mod_security.c>

    # Turn the filtering engine On or Off
    SecFilterEngine On

    # The audit engine works independently and
    # can be turned On of Off on the per-server or
    # on the per-directory basis
    SecAuditEngine RelevantOnly

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On
    
    # Unicode encoding check
    SecFilterCheckUnicodeEncoding On
    
    # Only allow bytes from this range
    SecFilterForceByteRange 1 255

    # Cookie format checks.
    SecFilterCheckCookieFormat On	
 
    # The name of the audit log file
    SecAuditLog logs/audit_log

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # Default action set
    SecFilterDefaultAction "deny,log,status:406"

    # Simple example filter
    # SecFilter 111
   
    # Prevent path traversal (..) attacks
    SecFilter "\.\./"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<( |\n)*script"

    # Prevent XSS atacks (HTML/Javascript injection)
    SecFilter "<(.|\n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Require HTTP_USER_AGENT and HTTP_HOST headers
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Only accept request encodings we know how to handle
    # we exclude GET requests from this because some (automated)
    # clients supply "text/html" as Content-Type
    SecFilterSelective REQUEST_METHOD "!^GET$" chain
    SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"

    # Require Content-Length to be provided with
    # every POST request
    SecFilterSelective REQUEST_METHOD "^POST$" chain
    SecFilterSelective HTTP_Content-Length "^$"

    # Don't accept transfer encodings we know we don't handle
    # (and you don't need it anyway)
    SecFilterSelective HTTP_Transfer-Encoding "!^$"

    </IfModule>


--- NEW FILE mod_security.spec ---
Summary: Security module for the Apache HTTP Server
Name: mod_security 
Version: 1.8.7
Release: 1%{?dist}
License: GPL
URL: http://www.modsecurity.org/
Group: System Environment/Daemons
Source: http://www.modsecurity.org/download/modsecurity-1.8.7.tar.gz
Source1: mod_security.conf
BuildRoot: %{_tmppath}/%{name}-root/
Requires: httpd >= 2.0.38
BuildRequires: httpd-devel >= 2.0.38

%description
ModSecurity is an open source intrusion detection and prevention engine for web
applications. It operates embedded into the web server, acting as a powerful
umbrella - shielding web applications from attacks.

%prep

%setup -q -n modsecurity-%{version}

%build
/usr/sbin/apxs -Wc,"%{optflags}" -c apache2/mod_security.c

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_libdir}/httpd/modules/
mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/
install -s -p apache2/.libs/mod_security.so %{buildroot}/%{_libdir}/httpd/modules/
install -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/

%clean
rm -rf %{buildroot}

%files
%defattr (-,root,root)
%doc CHANGES LICENSE INSTALL README httpd* *.pdf util
%{_libdir}/httpd/modules/mod_security.so
%config(noreplace) /etc/httpd/conf.d/mod_security.conf

%changelog
* Thu May 19 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-1
- Initial spin for Extras


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/mod_security/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore	19 May 2005 01:37:59 -0000	1.1
+++ .cvsignore	19 May 2005 01:39:17 -0000	1.2
@@ -0,0 +1 @@
+modsecurity-1.8.7.tar.gz


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/mod_security/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources	19 May 2005 01:37:59 -0000	1.1
+++ sources	19 May 2005 01:39:17 -0000	1.2
@@ -0,0 +1 @@
+0dd48656e451c711358c097dc80e0369  modsecurity-1.8.7.tar.gz




More information about the fedora-extras-commits mailing list