FreeBSD Bugzilla – Attachment 218900 Details for
Bug 250470
www/mod_security: Make crs-setup.conf follow upstream changes when pulling; correct outdated instructions; improve the documentation
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch file
mod_security.patch (text/plain), 3.78 KB, created by
Samy Mahmoudi
on 2020-10-19 18:20:09 UTC
(
hide
)
Description:
Patch file
Filename:
MIME Type:
Creator:
Samy Mahmoudi
Created:
2020-10-19 18:20:09 UTC
Size:
3.78 KB
patch
obsolete
>Index: files/280_mod_security.conf.sample.in >=================================================================== >--- files/280_mod_security.conf.sample.in (révision 552016) >+++ files/280_mod_security.conf.sample.in (copie de travail) >@@ -8,18 +8,25 @@ > > ## > ## To enable ModSecurity in Apache, enable the modules >-## mod_unique_id (in httpd.conf) and >-## mod_security2 in this config file >+## mod_unique_id >+## mod_security2 >+## e.g. by uncommenting the LoadModule lines of this config file. > ## > ## Additionally, load configuration and rules with an Include line from > ## %%ETCDIR%%/*.conf >+## e.g. by uncommenting the following Inlude line. > ## >-## Most users will use the signatures from the OWASP Core Rule Set (CRS). >-## For configuration instructions, see %%DOCSDIR%%/README. >-## > >-## apache modules for mod_security >+## Apache modules and Include line for mod_security > #LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so > #LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so > #Include %%ETCDIR%%/*.conf > >+## >+## Most users will use the signatures from the OWASP Core Rule Set (CRS). >+## For configuration instructions, see %%DOCSDIR%%/README (second paragraph) >+## before uncommenting the following Include line. >+## >+ >+## Include line for signatures from the OWASP Core Rule Set (CRS) >+#Include %%ETCDIR%%/owasp-modsecurity-crs/rules/*.conf >Index: files/README.in >=================================================================== >--- files/README.in (révision 552016) >+++ files/README.in (copie de travail) >@@ -3,12 +3,12 @@ > > To enable ModSecurity in Apache, follow the instructions in > >- %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% >+ %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% > > ModSecurity has various configuration options. > To change them, edit the following file: > >- %%ETCDIR%%/modsecurity.conf >+ %%ETCDIR%%/modsecurity.conf > > Getting the Core Rule Set > ------------------------- >@@ -22,15 +22,18 @@ > pkg install git > cd %%ETCDIR%% > git clone https://github.com/SpiderLabs/owasp-modsecurity-crs >- cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \ >- crs.conf >+ ln -s owasp-modsecurity-crs/crs-setup.conf.example crs-setup.conf > >-The CRS has various config options. To change them, edit crs.conf. >+The CRS has various config options. To change them, edit crs-setup.conf. > >-To activate the CRS base rules, add the following to your httpd.conf: >+To activate the CRS base rules, either add the following line to your httpd.conf > >- Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf >+ Include %%ETCDIR%%/owasp-modsecurity-crs/rules/*.conf > >+or uncomment the same line in: >+ >+ %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% >+ > You can also add custom configuration and CRS exceptions here. > For instance, you might want to disable rules that generate false > positives. Example: >@@ -85,5 +88,9 @@ > do this with Git: > > cd %%ETCDIR%%/owasp-modsecurity-crs >- git pull >+ git stash push && git pull && git stash pop >+ >+Resolve conflicts in crs-setup.conf.example, if any. Then execute: >+ >+ git reset && git stash drop > apachectl restart >Index: files/pkg-message.in >=================================================================== >--- files/pkg-message.in (révision 552016) >+++ files/pkg-message.in (copie de travail) >@@ -2,12 +2,12 @@ > { type: install > message: <<EOM > You have installed ModSecurity. >-To enable ModSecurity in Apache, follow the instructions in >+To enable ModSecurity in Apache, follow the instructions in the first paragraph of > >- %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% >+ %%DOCSDIR%%/README > > Most users will use the signatures from the OWASP Core Rule Set (CRS). >-For configuration instructions, see %%DOCSDIR%%/README. >+For configuration instructions, see the second paragraph of the same file. > EOM > } > ]
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=218900">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 250470
: 218900