[mod_security] Add support for user-provided configurations and rules (rhbz #1129843)

Athmane Madjoudj athmane at fedoraproject.org
Fri Aug 15 17:15:43 UTC 2014


commit f262c30fba74f3298352e52bf3e891ae25571ef3
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date:   Fri Aug 15 18:15:30 2014 +0100

    Add support for user-provided configurations and rules (rhbz #1129843)

 mod_security.conf           |   10 ++++++----
 mod_security.spec           |   12 +++++++++++-
 modsecurity_localrules.conf |    9 ++++++++-
 3 files changed, 25 insertions(+), 6 deletions(-)
---
diff --git a/mod_security.conf b/mod_security.conf
index e02f8a7..e9fe3dd 100644
--- a/mod_security.conf
+++ b/mod_security.conf
@@ -1,8 +1,4 @@
 <IfModule mod_security2.c>
-    # ModSecurity Core Rules Set configuration
-	Include modsecurity.d/*.conf
-	Include modsecurity.d/activated_rules/*.conf
-    
     # Default recommended configuration
     SecRuleEngine On
     SecRequestBodyAccess On
@@ -51,4 +47,10 @@
     SecCookieFormat 0
     SecTmpDir /var/lib/mod_security
     SecDataDir /var/lib/mod_security
+
+    # ModSecurity Core Rules Set and Local configuration
+	Include modsecurity.d/*.conf
+	Include modsecurity.d/activated_rules/*.conf
+	Include modsecurity.d/local_rules/*.conf
+    
 </IfModule>
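Review bot: The new `Include modsecurity.d/local_rules/*.conf` line sits last in the block with no comment saying that its position is load-bearing. Configure-time directives such as SecRuleRemoveById only take effect when they follow the rules they remove, so this order suits them, but run-time exclusions (`ctl:ruleRemoveById`) placed in local_rules come after the CRS rules of the same phase and will not suppress them. I would put a comment above the three lines, e.g. `# Order matters: local_rules loads last so SecRuleRemoveById can see CRS rule ids; it can also override the settings above, including SecRuleEngine`. The `<IfModule>` block opens outside this hunk, and the three Include lines are tab-indented while the lines around them use four spaces.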
diff --git a/mod_security.spec b/mod_security.spec
index 7cbef8f..1258edc 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -10,13 +10,14 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 2.8.0
-Release: 2%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: https://www.modsecurity.org/tarball/%{version}/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
 Source2: 10-mod_security.conf
+Source3: modsecurity_localrules.conf
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
 
@@ -62,6 +63,7 @@ install -d %{buildroot}%{_bindir}
 install -d %{buildroot}%{_httpd_moddir}
 install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
 install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
+install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules
 
 install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
 
@@ -77,6 +79,9 @@ cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf
 %endif
 install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
 
+# Local rules example
+install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
+
 # mlogc
 %if %with_mlogc
 install -d %{buildroot}%{_localstatedir}/log/mlogc
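Review bot: The added install line names only a directory as its destination, so the packaged file name is implicit (the basename of Source3) and `-D` adds nothing; the copy relies on `local_rules` having been created by the `install -d` line in the earlier hunk. Spelling the target out, `install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/modsecurity_localrules.conf`, makes the shipped path explicit. The same applies to the `%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf` line in the %files hunk: listing the one file by name keeps any other .conf that lands in the buildroot from being packaged as active WAF configuration. The comment calls the file an example although it is installed into a directory that mod_security.conf includes, and the %install section continues outside this hunk.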
@@ -99,6 +104,8 @@ rm -rf %{buildroot}
 %endif
 %dir %{_sysconfdir}/httpd/modsecurity.d
 %dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
+%dir %{_sysconfdir}/httpd/modsecurity.d/local_rules
+%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
 %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
 
 %if %with_mlogc
@@ -113,6 +120,9 @@ rm -rf %{buildroot}
 %endif
 
 %changelog
+* Fri Aug 15 2014 Athmane Madjoudj <athmane at fedoraproject.org> 2.8.0-4
+- Add support for user-provided configurations and rules (rhbz #1129843)
+
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.8.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 
diff --git a/modsecurity_localrules.conf b/modsecurity_localrules.conf
index f0fb12c..983d7df 100644
--- a/modsecurity_localrules.conf
+++ b/modsecurity_localrules.conf
@@ -1,2 +1,9 @@
-# Drop your local rules in here.
+# User defined rules and settings .
+#
+# You can use this file/directory to drop your local rules or
+# to remove some rules provided by mod_security_crs package with SecRuleRemoveById
+#
+# You can also disable mod_security for some incompatible web applications (eg. phpMyAdmin).
+#
+#
 
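Review bot: The line about disabling mod_security for incompatible web applications gives no scoping guidance, and as far as the mod_security.conf hunk shows this file is included directly inside `<IfModule mod_security2.c>`, so a bare `SecRuleEngine Off` dropped here would presumably switch the engine off for every site served. I would extend the comment, e.g. `# Scope any disable to the affected application (<LocationMatch> or its VirtualHost) and prefer SecRuleRemoveById or SecRuleEngine DetectionOnly over turning the engine off.` The first added line also has a stray space before the full stop (`settings .`).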

