authorChuck Short <zul@gentoo.org>2004-06-04 01:30:14 +0000
committerChuck Short <zul@gentoo.org>2004-06-04 01:30:14 +0000
commitfb6eec6c571fc65066c8bc97a5ffa0e582884458 (patch)
tree28733082b63f7901d6bd7357862de39e81e02464 /net-www/mod_security/files
parentDEPEND on wxGTK-2.4.2; closes #52769 (diff)
Initial version, closes #32190.
Diffstat (limited to 'net-www/mod_security/files')
-rw-r--r--net-www/mod_security/files/99_mod_security.conf123
-rw-r--r--net-www/mod_security/files/digest-mod_security-1.7.61
-rw-r--r--net-www/mod_security/files/mod_security.conf113
3 files changed, 237 insertions, 0 deletions
diff --git a/net-www/mod_security/files/99_mod_security.conf b/net-www/mod_security/files/99_mod_security.conf
new file mode 100644
index 000000000000..4b2cb1b36cc6
--- /dev/null
+++ b/net-www/mod_security/files/99_mod_security.conf
@@ -0,0 +1,123 @@
+<IfDefine SECURITY>
+ <IfModule !mod_security.c>
+ LoadModule security_module extramodules/mod_security.so
+ </IfModule>
+</IfDefine>
+
+# Examples below are taken from the online documentation
+# Refer to:
+# http://www.modsecurity.org/documentation/quick-examples.html
+
+<IfModule mod_security.c>
+
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 32 126
+
+ # The audit engine works independently and
+ # can be turned On of Off on the per-server or
+ # on the per-directory basis. "On" will log everything,
+ # "DynamicOrRelevant" will log dynamic requests or violations,
+ # and "RelevantOnly" will only log policy violations
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # Action to take by default
+ SecFilterDefaultAction "deny,log,status:500"
+
+ # Redirect user on filter match
+ SecFilter xxx redirect:http://www.webkreator.com
+
+ # Execute the external script on filter match
+ SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl
+
+ # Simple filter
+ SecFilter 111
+
+ # Only check the QUERY_STRING variable
+ SecFilterSelective QUERY_STRING 222
+
+ # Only check the body of the POST request
+ SecFilterSelective POST_PAYLOAD 333
+
+ # Only check arguments (will work for GET and POST)
+ SecFilterSelective ARGS 444
+
+ # Test filter
+ SecFilter "/cgi-bin/modsec-test.pl/keyword"
+
+ # Another test filter, will be denied with 404 but not logged
+ # action supplied as a parameter overrides the default action
+ SecFilter 999 "deny,nolog,status:500"
+
+ # Prevent OS specific keywords
+ SecFilter /etc/passwd
+
+ # Prevent path traversal (..) attacks
+ SecFilter "\.\./"
+
+ # Weaker XSS protection but allows common HTML tags
+ SecFilter "<[[:space:]]*script"
+
+ # Prevent XSS atacks (HTML/Javascript injection)
+ SecFilter "<(.|\n)+>"
+
+ # Very crude filters to prevent SQL injection attacks
+ SecFilter "delete[[:space:]]+from"
+ SecFilter "insert[[:space:]]+into"
+ SecFilter "select.+from"
+
+ # Require HTTP_USER_AGENT and HTTP_HOST headers
+ SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+ # Forbid file upload
+ SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
+
+ # Only watch argument p1
+ SecFilterSelective "ARG_p1" 555
+
+ # Watch all arguments except p1
+ SecFilterSelective "ARGS|!ARG_p2" 666
+
+ # Only allow our own test utility to send requests (or Mozilla)
+ SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
+
+ # Do not allow variables with this name
+ SecFilterSelective ARGS_NAMES 777
+
+ # Do now allow this variable value (names are ok)
+ SecFilterSelective ARGS_VALUES 888
+
+ # Test for a POST variable parsing bug, see test #41
+ SecFilterSelective ARG_p2 AAA
+
+ # Stop spamming through FormMail
+ # note the exclamation mark at the beginning
+ # of the filter - only requests that match this regex will
+ # be allowed
+ <Location /cgi-bin/FormMail>
+ SecFilterSelective "ARG_recipient" "!@webkreator.com$"
+ </Location>
+
+ # when allowing upload, only allow images
+ # note that this is not foolproof, a determined attacker
+ # could get around this
+ <Location /fileupload.php>
+ SecFilterInheritance Off
+ SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
+ </Location>
+
+</IfModule>
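Review bot: The rules from `SecFilter xxx redirect:http://www.webkreator.com` down through `SecFilterSelective ARG_p2 AAA` are the documentation's demonstration filters rather than a baseline policy, yet they are installed here as the live default under `SecFilterDefaultAction "deny,log,status:500"`: placeholder patterns such as `SecFilter 111` and `SecFilterSelective ARGS 444` will, as far as I can tell, deny any legitimate request that happens to contain those digit strings, `SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"` appears to reject every client whose User-Agent lacks one of those two words, and `exec:/home/users/ivanr/apache/bin/report-attack.pl` names a script at a path that does not exist on a Gentoo host. The `<Location /cgi-bin/FormMail>` and `<Location /fileupload.php>` blocks likewise hard-code the upstream author's `@webkreator.com` domain. I would keep the engine settings (`SecFilterEngine`, `SecFilterCheckURLEncoding`, `SecFilterForceByteRange`, `SecAuditEngine`, `SecAuditLog`, `SecFilterScanPOST`, `SecFilterDefaultAction`) plus the generic `/etc/passwd`, `"\.\./"` and `"<[[:space:]]*script"` rules, and ship everything else commented out with a header comment saying the examples are site-specific and must be reviewed before enabling. The comment `# Another test filter, will be denied with 404 but not logged` also contradicts the `status:500` on the line beneath it. The mod_security.conf hunk later in this commit repeats this content verbatim and has the identical problem.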
diff --git a/net-www/mod_security/files/digest-mod_security-1.7.6 b/net-www/mod_security/files/digest-mod_security-1.7.6
new file mode 100644
index 000000000000..0fa61fbcdf47
--- /dev/null
+++ b/net-www/mod_security/files/digest-mod_security-1.7.6
@@ -0,0 +1 @@
+MD5 2be3a3a4ac98a95580e5c01d2d5b3b88 mod_security-1.7.6.tar.gz 272864
diff --git a/net-www/mod_security/files/mod_security.conf b/net-www/mod_security/files/mod_security.conf
new file mode 100644
index 000000000000..186eaf58b46f
--- /dev/null
+++ b/net-www/mod_security/files/mod_security.conf
@@ -0,0 +1,113 @@
+<IfModule mod_security.c>
+
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 32 126
+
+ # The audit engine works independently and
+ # can be turned On of Off on the per-server or
+ # on the per-directory basis. "On" will log everything,
+ # "DynamicOrRelevant" will log dynamic requests or violations,
+ # and "RelevantOnly" will only log policy violations
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # Action to take by default
+ SecFilterDefaultAction "deny,log,status:500"
+
+ # Redirect user on filter match
+ SecFilter xxx redirect:http://www.webkreator.com
+
+ # Execute the external script on filter match
+ SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl
+
+ # Simple filter
+ SecFilter 111
+
+ # Only check the QUERY_STRING variable
+ SecFilterSelective QUERY_STRING 222
+
+ # Only check the body of the POST request
+ SecFilterSelective POST_PAYLOAD 333
+
+ # Only check arguments (will work for GET and POST)
+ SecFilterSelective ARGS 444
+
+ # Test filter
+ SecFilter "/cgi-bin/modsec-test.pl/keyword"
+
+ # Another test filter, will be denied with 404 but not logged
+ # action supplied as a parameter overrides the default action
+ SecFilter 999 "deny,nolog,status:500"
+
+ # Prevent OS specific keywords
+ SecFilter /etc/passwd
+
+ # Prevent path traversal (..) attacks
+ SecFilter "\.\./"
+
+ # Weaker XSS protection but allows common HTML tags
+ SecFilter "<[[:space:]]*script"
+
+ # Prevent XSS atacks (HTML/Javascript injection)
+ SecFilter "<(.|\n)+>"
+
+ # Very crude filters to prevent SQL injection attacks
+ SecFilter "delete[[:space:]]+from"
+ SecFilter "insert[[:space:]]+into"
+ SecFilter "select.+from"
+
+ # Require HTTP_USER_AGENT and HTTP_HOST headers
+ SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+ # Forbid file upload
+ SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
+
+ # Only watch argument p1
+ SecFilterSelective "ARG_p1" 555
+
+ # Watch all arguments except p1
+ SecFilterSelective "ARGS|!ARG_p2" 666
+
+ # Only allow our own test utility to send requests (or Mozilla)
+ SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
+
+ # Do not allow variables with this name
+ SecFilterSelective ARGS_NAMES 777
+
+ # Do now allow this variable value (names are ok)
+ SecFilterSelective ARGS_VALUES 888
+
+ # Test for a POST variable parsing bug, see test #41
+ SecFilterSelective ARG_p2 AAA
+
+ # Stop spamming through FormMail
+ # note the exclamation mark at the beginning
+ # of the filter - only requests that match this regex will
+ # be allowed
+ <Location /cgi-bin/FormMail>
+ SecFilterSelective "ARG_recipient" "!@webkreator.com$"
+ </Location>
+
+ # when allowing upload, only allow images
+ # note that this is not foolproof, a determined attacker
+ # could get around this
+ <Location /fileupload.php>
+ SecFilterInheritance Off
+ SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
+ </Location>
+
+</IfModule>