diff --git a/apache2-mod_security2.changes b/apache2-mod_security2.changes index ae116f0..d356493 100644 --- a/apache2-mod_security2.changes +++ b/apache2-mod_security2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 23 16:56:55 CET 2009 - skh@suse.de + +- fix broken config [bnc#457200] + ------------------------------------------------------------------- Mon Sep 15 14:05:05 CEST 2008 - skh@suse.de diff --git a/apache2-mod_security2.spec b/apache2-mod_security2.spec index d658e60..56b9207 100644 --- a/apache2-mod_security2.spec +++ b/apache2-mod_security2.spec @@ -1,7 +1,7 @@ # # spec file for package apache2-mod_security2 (Version 2.5.6) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Name: apache2-mod_security2 Version: 2.5.6 -Release: 1 +Release: 2 # License: GPL v2 only; GPLv2 with some FLOSS linking exceptions Group: Productivity/Networking/Web/Servers @@ -39,6 +39,7 @@ Requires: apache2 %{apache_mmn} # Url: http://www.modsecurity.org/ Source: http://www.modsecurity.org/download/%{tarballname}.tar.gz +Source1: mod_security2.conf # Summary: ModSecurity Open Source Web Application Firewall @@ -65,7 +66,7 @@ pushd %{apache} install -d -m 0755 %{buildroot}%{apache_libexecdir} install .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so popd -install -D -m 0644 modsecurity.conf-minimal %{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf +install -D -m 0644 %{SOURCE1} %{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf %clean %{__rm} -rf %{buildroot}; @@ -79,6 +80,8 @@ install -D -m 0644 modsecurity.conf-minimal %{buildroot}%{apache_sysconfdir}/con %doc tools rules %changelog +* Fri Jan 23 2009 skh@suse.de +- fix broken config [bnc#457200] * Mon Sep 15 2008 skh@suse.de - update to version 2.5.6 - initial submit to FACTORY diff --git a/mod_security2.conf b/mod_security2.conf new file mode 100644 index 0000000..fee845f --- /dev/null +++ b/mod_security2.conf @@ -0,0 +1,60 @@ + + # Basic configuration options + SecRuleEngine On + SecRequestBodyAccess On + SecResponseBodyAccess Off + + # Handling of file uploads + # TODO Choose a folder private to Apache. + # SecUploadDir /opt/apache-frontend/tmp/ + SecUploadKeepFiles Off + + # Debug log + SecDebugLog /var/log/apache2/modsec_debug.log + SecDebugLogLevel 0 + + # Serial audit log + SecAuditEngine RelevantOnly + SecAuditLogRelevantStatus ^5 + SecAuditLogParts ABIFHZ + SecAuditLogType Serial + SecAuditLog /var/log/apache2/modsec_audit.log + + # Maximum request body size we will + # accept for buffering + SecRequestBodyLimit 131072 + + # Store up to 128 KB in memory + SecRequestBodyInMemoryLimit 131072 + + # Buffer response bodies of up to + # 512 KB in length + SecResponseBodyLimit 524288 + + # Verify that we've correctly processed the request body. + # As a rule of thumb, when failing to process a request body + # you should reject the request (when deployed in blocking mode) + # or log a high-severity alert (when deployed in detection-only mode). + SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \ + "phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2" + + # By default be strict with what we accept in the multipart/form-data + # request body. If the rule below proves to be too strict for your + # environment consider changing it to detection-only. You are encouraged + # _not_ to remove it altogether. + SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ + "phase:2,t:none,log,deny,msg:'Multipart request body \ + failed strict validation: \ + PE %{REQBODY_PROCESSOR_ERROR}, \ + BQ %{MULTIPART_BOUNDARY_QUOTED}, \ + BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ + DB %{MULTIPART_DATA_BEFORE}, \ + DA %{MULTIPART_DATA_AFTER}, \ + HF %{MULTIPART_HEADER_FOLDING}, \ + LF %{MULTIPART_LF_LINE}, \ + SM %{MULTIPART_SEMICOLON_MISSING}'" + + # Did we see anything that might be a boundary? + SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ + "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" +