diff options
Diffstat (limited to 'sca-cpp/trunk/modules/http')
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-conf | 15 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 10 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/mod-security-conf | 13 |
3 files changed, 31 insertions, 7 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index 9b55270bea..5d4e9f5485 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf @@ -82,9 +82,10 @@ HostNameLookups Off # status response-size "referrer" "user-agent" "user-track" local-IP # virtual-host response-time bytes-received bytes-sent LogLevel notice -ErrorLog $root/logs/error_log LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O" combined -CustomLog $root/logs/access_log combined +Include conf/log.conf + +# Configure tracking CookieTracking on CookieName TuscanyVisitorId CookieStyle Cookie @@ -93,7 +94,7 @@ CookieExpires 31556926 # Configure Mime types and default charsets TypesConfig $here/conf/mime.types AddDefaultCharset utf-8 -AddCharset utf-8 .js .css +AddCharset utf-8 .html .js .css # Configure cache control SetEnvIf Request_URI "^/app.html$" must-revalidate @@ -183,6 +184,14 @@ Require all granted EOF +# Configure logging +cat >$root/conf/log.conf <<EOF +# Generated by: httpd-conf $* +ErrorLog $root/logs/error_log +CustomLog $root/logs/access_log combined + +EOF + # Run with the prefork MPM cat >$root/conf/mpm.conf <<EOF # Generated by: httpd-conf $* diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index 50da9e6b54..dc3b71bcac 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -138,7 +138,7 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 # "SSL-client-I-DN" "SSL-client-S-DN" "user-track" local-IP virtual-host # response-time bytes-received bytes-sent LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [sslaccess] %h %l %u %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\" \"%{cookie}n\" %A %V %D %I %O" sslcombined -CustomLog $root/logs/ssl_access_log sslcombined +Include conf/log-ssl.conf # Enable HTTPS reverse proxy ProxyRequests Off @@ -154,6 +154,14 @@ SSLProxyCheckPeerCN Off EOF +# Configure logging +cat >$root/conf/log-ssl.conf <<EOF +# Generated by: httpd-ssl-conf $* +CustomLog $root/logs/ssl_access_log sslcombined + +EOF + +# Configure virtual hosts proxycert="server" if [ "$proxyconf" != "" ]; then proxycert="proxy" diff --git a/sca-cpp/trunk/modules/http/mod-security-conf b/sca-cpp/trunk/modules/http/mod-security-conf index a1373906fd..fdc4d8e24d 100755 --- a/sca-cpp/trunk/modules/http/mod-security-conf +++ b/sca-cpp/trunk/modules/http/mod-security-conf @@ -46,7 +46,7 @@ cat >$root/conf/mod-security.conf <<EOF # Generated by: mod-security-conf $* # Enable mod-security rules SecRuleEngine On -SecDefaultAction "phase:2,pass,log" +SecDefaultAction "phase:2,pass,nolog,auditlog" #SecDebugLog $root/logs//modsec_debug_log #SecDebugLogLevel 3 @@ -100,12 +100,12 @@ SecResponseBodyLimitAction ProcessPartial SecTmpDir $root/tmp/ SecDataDir $root/tmp/ -# Enable mod-security audit +# Enable mod-security audit log SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogParts ABIJDEFHKZ SecAuditLogType Serial -SecAuditLog $root/logs/modsec_audit_log +Include conf/mod-security-log.conf # Use & as application/x-www-form-urlencoded parameter separator SecArgumentSeparator & @@ -188,3 +188,10 @@ Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_47_skip_outbound_ch Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_55_application_defects.conf EOF +# Configure audit logging +cat >$root/conf/mod-security-log.conf <<EOF +# Generated by: mod-security-conf $* +SecAuditLog $root/logs/modsec_audit_log + +EOF + |