auto-import mod_security-1.8.7-1 on branch devel from

mod_security-1.8.7-1.src.rpm

.cvsignore

@@ -0,0 +1 @@
+modsecurity-1.8.7.tar.gz

mod_security.conf

@@ -0,0 +1,72 @@
+# Example configuration file for the mod_security Apache module
+# This is a minimal setup. You should add some extra entries here.
+
+LoadModule security_module modules/mod_security.so
+
+<IfModule mod_security.c>
+
+    # Turn the filtering engine On or Off
+    SecFilterEngine On
+
+    # The audit engine works independently and
+    # can be turned On of Off on the per-server or
+    # on the per-directory basis
+    SecAuditEngine RelevantOnly
+
+    # Make sure that URL encoding is valid
+    SecFilterCheckURLEncoding On
+    
+    # Unicode encoding check
+    SecFilterCheckUnicodeEncoding On
+    
+    # Only allow bytes from this range
+    SecFilterForceByteRange 1 255
+
+    # Cookie format checks.
+    SecFilterCheckCookieFormat On	
+ 
+    # The name of the audit log file
+    SecAuditLog logs/audit_log
+
+    # Should mod_security inspect POST payloads
+    SecFilterScanPOST On
+
+    # Default action set
+    SecFilterDefaultAction "deny,log,status:406"
+
+    # Simple example filter
+    # SecFilter 111
+   
+    # Prevent path traversal (..) attacks
+    SecFilter "\.\./"
+
+    # Weaker XSS protection but allows common HTML tags
+    SecFilter "<( |\n)*script"
+
+    # Prevent XSS atacks (HTML/Javascript injection)
+    SecFilter "<(.|\n)+>"
+
+    # Very crude filters to prevent SQL injection attacks
+    SecFilter "delete[[:space:]]+from"
+    SecFilter "insert[[:space:]]+into"
+    SecFilter "select.+from"
+
+    # Require HTTP_USER_AGENT and HTTP_HOST headers
+    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+    # Only accept request encodings we know how to handle
+    # we exclude GET requests from this because some (automated)
+    # clients supply "text/html" as Content-Type
+    SecFilterSelective REQUEST_METHOD "!^GET$" chain
+    SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
+
+    # Require Content-Length to be provided with
+    # every POST request
+    SecFilterSelective REQUEST_METHOD "^POST$" chain
+    SecFilterSelective HTTP_Content-Length "^$"
+
+    # Don't accept transfer encodings we know we don't handle
+    # (and you don't need it anyway)
+    SecFilterSelective HTTP_Transfer-Encoding "!^$"
+
+    </IfModule>

mod_security.spec

@@ -0,0 +1,44 @@
+Summary: Security module for the Apache HTTP Server
+Name: mod_security 
+Version: 1.8.7
+Release: 1%{?dist}
+License: GPL
+URL: http://www.modsecurity.org/
+Group: System Environment/Daemons
+Source: http://www.modsecurity.org/download/modsecurity-1.8.7.tar.gz
+Source1: mod_security.conf
+BuildRoot: %{_tmppath}/%{name}-root/
+Requires: httpd >= 2.0.38
+BuildRequires: httpd-devel >= 2.0.38
+
+%description
+ModSecurity is an open source intrusion detection and prevention engine for web
+applications. It operates embedded into the web server, acting as a powerful
+umbrella - shielding web applications from attacks.
+
+%prep
+
+%setup -q -n modsecurity-%{version}
+
+%build
+/usr/sbin/apxs -Wc,"%{optflags}" -c apache2/mod_security.c
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}%{_libdir}/httpd/modules/
+mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/
+install -s -p apache2/.libs/mod_security.so %{buildroot}/%{_libdir}/httpd/modules/
+install -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr (-,root,root)
+%doc CHANGES LICENSE INSTALL README httpd* *.pdf util
+%{_libdir}/httpd/modules/mod_security.so
+%config(noreplace) /etc/httpd/conf.d/mod_security.conf
+
+%changelog
+* Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-1
+- Initial spin for Extras

sources

@@ -0,0 +1 @@
+0dd48656e451c711358c097dc80e0369  modsecurity-1.8.7.tar.gz