demus/mod_security-rpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Ruleset improvements

Browse Source 
- Requires httpd-mmn so we only install w/appropriate httpd versions.
This commit is contained in:
Michael Fleming 2005-07-09 11:58:44 +00:00
parent e4e1b1143c
commit ad8d19a08c
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mod_security.conf
View File

@ -37,18 +37,18 @@ LoadModule security_module modules/mod_security.so
# SecFilter 111 # SecFilter 111
# Prevent path traversal (..) attacks # Prevent path traversal (..) attacks
SecFilter "\.\./" # SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags # Weaker XSS protection but allows common HTML tags
SecFilter "<( |\n)*script" # SecFilter "<( |\n)*script"
# Prevent XSS atacks (HTML/Javascript injection) # Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>" # SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks # Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from" # SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into" # SecFilter "insert[[:space:]]+into"
SecFilter "select.+from" # SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers # Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$" SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

10
mod_security.spec
View File

@ -1,14 +1,15 @@
Summary: Security module for the Apache HTTP Server Summary: Security module for the Apache HTTP Server
Name: mod_security Name: mod_security
Version: 1.8.7 Version: 1.8.7
Release: 3%{?dist} Release: 4%{?dist}
License: GPL License: GPL
URL: http://www.modsecurity.org/ URL: http://www.modsecurity.org/
Group: System Environment/Daemons Group: System Environment/Daemons
Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz
Source1: mod_security.conf Source1: mod_security.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: httpd Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat
%{_includedir}/httpd/.mmn || echo missing)
BuildRequires: httpd-devel BuildRequires: httpd-devel
%description %description
@ -40,6 +41,11 @@ rm -rf %{buildroot}
%config(noreplace) /etc/httpd/conf.d/mod_security.conf %config(noreplace) /etc/httpd/conf.d/mod_security.conf
%changelog %changelog
* Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-4
- Add Requires: httpd-mmn to get the appropriate "module magic" version
(thanks Ville Skyttä)
- Disabled an overly-agressive rule or two..
* Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-3 * Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-3
- Correct Buildroot - Correct Buildroot
- Some sensible and safe rules for common apps in mod_security.conf - Some sensible and safe rules for common apps in mod_security.conf