- Ruleset improvements

- Requires httpd-mmn so we only install w/appropriate httpd versions.

mod_security.conf

@@ -37,18 +37,18 @@ LoadModule security_module modules/mod_security.so
     # SecFilter 111
    
     # Prevent path traversal (..) attacks
-    SecFilter "\.\./"
+    # SecFilter "\.\./"
 
     # Weaker XSS protection but allows common HTML tags
-    SecFilter "<( |\n)*script"
+    # SecFilter "<( |\n)*script"
 
     # Prevent XSS atacks (HTML/Javascript injection)
-    SecFilter "<(.|\n)+>"
+    # SecFilter "<(.|\n)+>"
 
     # Very crude filters to prevent SQL injection attacks
-    SecFilter "delete[[:space:]]+from"
-    SecFilter "insert[[:space:]]+into"
-    SecFilter "select.+from"
+    # SecFilter "delete[[:space:]]+from"
+    # SecFilter "insert[[:space:]]+into"
+    # SecFilter "select.+from"
 
     # Require HTTP_USER_AGENT and HTTP_HOST headers
     SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

mod_security.spec

@@ -1,14 +1,15 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 1.8.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: httpd
+Requires: httpd  httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat
+%{_includedir}/httpd/.mmn || echo missing)
 BuildRequires: httpd-devel
 
 %description
@@ -40,6 +41,11 @@ rm -rf %{buildroot}
 %config(noreplace) /etc/httpd/conf.d/mod_security.conf
 
 %changelog
+* Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-4
+- Add Requires: httpd-mmn to get the appropriate "module magic" version
+  (thanks Ville Skyttä)
+- Disabled an overly-agressive rule or two..
+
 * Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-3
 - Correct Buildroot
 - Some sensible and safe rules for common apps in mod_security.conf