diff --git a/.gitignore b/.gitignore
index 91bf7d1..ac07cf2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ modsecurity-apache_2.5.12.tar.gz
/modsecurity-apache_2.6.5.tar.gz
/modsecurity-apache_2.6.6.tar.gz
/modsecurity-apache_2.6.8.tar.gz
+/modsecurity-apache_2.7.0.tar.gz
diff --git a/mod_security.conf b/mod_security.conf
index 7468a05..092758b 100644
--- a/mod_security.conf
+++ b/mod_security.conf
@@ -1,92 +1,50 @@
-
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
- # This is the ModSecurity Core Rules Set.
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRequestBodyLimit 13107200
+ SecRequestBodyNoFilesLimit 131072
+ SecRequestBodyInMemoryLimit 131072
+ SecRequestBodyLimitAction Reject
+ SecRule REQBODY_ERROR "!@eq 0" \
+ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+ "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
+ failed strict validation: \
+ PE %{REQBODY_PROCESSOR_ERROR}, \
+ BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+ DB %{MULTIPART_DATA_BEFORE}, \
+ DA %{MULTIPART_DATA_AFTER}, \
+ HF %{MULTIPART_HEADER_FOLDING}, \
+ LF %{MULTIPART_LF_LINE}, \
+ SM %{MULTIPART_MISSING_SEMICOLON}, \
+ IQ %{MULTIPART_INVALID_QUOTING}, \
+ IP %{MULTIPART_INVALID_PART}, \
+ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
- # Basic configuration goes in here
- Include modsecurity.d/*.conf
- Include modsecurity.d/activated_rules/*.conf
+ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
- # Additional items taken from new minimal modsecurity conf
- # Basic configuration options
- SecRuleEngine On
- SecRequestBodyAccess On
- SecResponseBodyAccess Off
-
- # Handling of file uploads
- # TODO Choose a folder private to Apache.
- # SecUploadDir /opt/apache-frontend/tmp/
- SecUploadKeepFiles Off
- SecUploadFileLimit 10
+ SecPcreMatchLimit 1000
+ SecPcreMatchLimitRecursion 1000
- # Debug log
- SecDebugLog /var/log/httpd/modsec_debug.log
- SecDebugLogLevel 0
+ SecRule TX:/^MSC_/ "!@streq 0" \
+ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
- # Audit log
- SecAuditEngine RelevantOnly
- SecAuditLogRelevantStatus ^5
- SecAuditLogType Serial
- SecAuditLogParts ABIFHZ
- SecAuditLog /var/log/httpd/modsec_audit.log
-
- # Alternative mlogc configuration
- #SecAuditLogType Concurrent
- #SecAuditLogParts ABIDEFGHZ
- #SecAuditLogStorageDir /var/log/mlogc/data
- #SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"
-
- # Set Data Directory
- SecDataDir /var/log/httpd/
-
- # Maximum request body size we will
- # accept for buffering
- SecRequestBodyLimit 131072
-
- # Store up to 128 KB in memory
- SecRequestBodyInMemoryLimit 131072
-
- # Buffer response bodies of up to
- # 512 KB in length
- SecResponseBodyLimit 524288
-
- # Verify that we've correctly processed the request body.
- # As a rule of thumb, when failing to process a request body
- # you should reject the request (when deployed in blocking mode)
- # or log a high-severity alert (when deployed in detection-only mode).
- SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
- "phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
-
- # By default be strict with what we accept in the multipart/form-data
- # request body. If the rule below proves to be too strict for your
- # environment consider changing it to detection-only. You are encouraged
- # _not_ to remove it altogether.
- SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
- "phase:2,t:none,log,deny,msg:'Multipart request body \
- failed strict validation: \
- PE %{REQBODY_PROCESSOR_ERROR}, \
- BQ %{MULTIPART_BOUNDARY_QUOTED}, \
- BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
- DB %{MULTIPART_DATA_BEFORE}, \
- DA %{MULTIPART_DATA_AFTER}, \
- HF %{MULTIPART_HEADER_FOLDING}, \
- LF %{MULTIPART_LF_LINE}, \
- SM %{MULTIPART_SEMICOLON_MISSING}, \
- IQ %{MULTIPART_INVALID_QUOTING}, \
- IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
- IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
-
- # Did we see anything that might be a boundary?
- SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
- "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
-
- # Some internal errors will set flags in TX and we will need to look for these.
- # All of these are prefixed with "MSC_". The following flags currently exist:
- #
- # MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
- #
- SecRule TX:/^MSC_/ "!@streq 0" \
- "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+ SecResponseBodyAccess Off
+ SecDebugLog /var/log/httpd/modsec_debug.log
+ SecDebugLogLevel 0
+ SecAuditEngine RelevantOnly
+ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+ SecAuditLogParts ABIJDEFHZ
+ SecAuditLogType Serial
+ SecAuditLog /var/log/httpd/modsec_audit.log
+ SecArgumentSeparator &
+ SecCookieFormat 0
diff --git a/mod_security.spec b/mod_security.spec
index c8869f6..c0573c2 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -7,7 +7,7 @@
Summary: Security module for the Apache HTTP Server
Name: mod_security
-Version: 2.6.8
+Version: 2.7.0
Release: 1%{?dist}
License: ASL 2.0
URL: http://www.modsecurity.org/
@@ -22,7 +22,6 @@ ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks.
-%if 0%{?fedora}
%package -n mlogc
Summary: ModSecurity Audit Log Collector
Group: System Environment/Daemons
@@ -30,7 +29,6 @@ Requires: mod_security
%description -n mlogc
This package contains the ModSecurity Audit Log Collector.
-%endif
%prep
%setup -q -n modsecurity-apache_%{version}
@@ -68,14 +66,12 @@ install -Dp -m0644 10-mod_security.conf %{buildroot}%{_httpd_modconfdir}/10-mod_
install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
%endif
-%if 0%{?fedora}
# mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
-%endif
%clean
rm -rf %{buildroot}
@@ -91,7 +87,6 @@ rm -rf %{buildroot}
%dir %{_sysconfdir}/httpd/modsecurity.d
%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
-%if 0%{?fedora}
%files -n mlogc
%defattr (-,root,root)
%doc mlogc/INSTALL
@@ -100,12 +95,20 @@ rm -rf %{buildroot}
%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
%attr(0755,root,root) %{_bindir}/mlogc
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
-%endif
%changelog
+* Wed Oct 17 2012 Athmane Madjoudj 2.7.0-1
+- Update to 2.7.0
+
* Fri Sep 28 2012 Athmane Madjoudj 2.6.8-1
- Update to 2.6.8
+* Wed Sep 12 2012 Athmane Madjoudj 2.6.7-2
+- Re-add mlogc sub-package for epel (#856525)
+
+* Sat Aug 25 2012 Athmane Madjoudj 2.6.7-1
+- Update to 2.6.7
+
* Sat Aug 25 2012 Athmane Madjoudj 2.6.7-1
- Update to 2.6.7
diff --git a/sources b/sources
index 8d5c6ea..d4376ca 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-430449ab9ee906c464aa70b79f9c2230 modsecurity-apache_2.6.8.tar.gz
+8e608bdc01a619219f35c6125f1d9860 modsecurity-apache_2.7.0.tar.gz