auto-import mod_security-1.8.7-1 on branch devel from

mod_security-1.8.7-1.src.rpm
This commit is contained in:
Michael Fleming 2005-05-19 01:39:17 +00:00
parent c498de8b16
commit 96023a020e
4 changed files with 118 additions and 0 deletions

View File

@ -0,0 +1 @@
modsecurity-1.8.7.tar.gz

72
mod_security.conf Normal file
View File

@ -0,0 +1,72 @@
# Example configuration file for the mod_security Apache module
# This is a minimal setup. You should add some extra entries here.
LoadModule security_module modules/mod_security.so
<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On
# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis
SecAuditEngine RelevantOnly
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Unicode encoding check
SecFilterCheckUnicodeEncoding On
# Only allow bytes from this range
SecFilterForceByteRange 1 255
# Cookie format checks.
SecFilterCheckCookieFormat On
# The name of the audit log file
SecAuditLog logs/audit_log
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Default action set
SecFilterDefaultAction "deny,log,status:406"
# Simple example filter
# SecFilter 111
# Prevent path traversal (..) attacks
SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
SecFilter "<( |\n)*script"
# Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"
</IfModule>

44
mod_security.spec Normal file
View File

@ -0,0 +1,44 @@
Summary: Security module for the Apache HTTP Server
Name: mod_security
Version: 1.8.7
Release: 1%{?dist}
License: GPL
URL: http://www.modsecurity.org/
Group: System Environment/Daemons
Source: http://www.modsecurity.org/download/modsecurity-1.8.7.tar.gz
Source1: mod_security.conf
BuildRoot: %{_tmppath}/%{name}-root/
Requires: httpd >= 2.0.38
BuildRequires: httpd-devel >= 2.0.38
%description
ModSecurity is an open source intrusion detection and prevention engine for web
applications. It operates embedded into the web server, acting as a powerful
umbrella - shielding web applications from attacks.
%prep
%setup -q -n modsecurity-%{version}
%build
/usr/sbin/apxs -Wc,"%{optflags}" -c apache2/mod_security.c
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_libdir}/httpd/modules/
mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/
install -s -p apache2/.libs/mod_security.so %{buildroot}/%{_libdir}/httpd/modules/
install -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/
%clean
rm -rf %{buildroot}
%files
%defattr (-,root,root)
%doc CHANGES LICENSE INSTALL README httpd* *.pdf util
%{_libdir}/httpd/modules/mod_security.so
%config(noreplace) /etc/httpd/conf.d/mod_security.conf
%changelog
* Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-1
- Initial spin for Extras

View File

@ -0,0 +1 @@
0dd48656e451c711358c097dc80e0369 modsecurity-1.8.7.tar.gz