author | Chuck Short <zul@gentoo.org> | 2004-06-04 01:30:14 +0000 |
---|---|---|
committer | Chuck Short <zul@gentoo.org> | 2004-06-04 01:30:14 +0000 |
commit | fb6eec6c571fc65066c8bc97a5ffa0e582884458 (patch) | |
tree | 28733082b63f7901d6bd7357862de39e81e02464 /net-www/mod_security | |
parent | DEPEND on wxGTK-2.4.2; closes #52769 (diff) | |
download | gentoo-2-fb6eec6c571fc65066c8bc97a5ffa0e582884458.tar.gz gentoo-2-fb6eec6c571fc65066c8bc97a5ffa0e582884458.tar.bz2 gentoo-2-fb6eec6c571fc65066c8bc97a5ffa0e582884458.zip |
Initial version, closes #32190.
Diffstat (limited to 'net-www/mod_security')
-rw-r--r-- | net-www/mod_security/ChangeLog | 11 | ||||
-rw-r--r-- | net-www/mod_security/Manifest | 2 | ||||
-rw-r--r-- | net-www/mod_security/files/99_mod_security.conf | 123 | ||||
-rw-r--r-- | net-www/mod_security/files/digest-mod_security-1.7.6 | 1 | ||||
-rw-r--r-- | net-www/mod_security/files/mod_security.conf | 113 | ||||
-rw-r--r-- | net-www/mod_security/metadata.xml | 8 | ||||
-rw-r--r-- | net-www/mod_security/mod_security-1.7.6.ebuild | 36 |
7 files changed, 294 insertions, 0 deletions
diff --git a/net-www/mod_security/ChangeLog b/net-www/mod_security/ChangeLog
new file mode 100644
index 000000000000..8875266c0889
--- /dev/null
+++ b/net-www/mod_security/ChangeLog
@@ -0,0 +1,11 @@
+# ChangeLog for net-www/mod_security
+# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/ChangeLog,v 1.1 2004/06/04 01:30:14 zul Exp $
+
+*mod_security-1.7.6 (03 Jun 2004)
+
+ 03 Jun 2004; Chuck Short <zul@gentoo.org> metadata.xml, mod_security-1.7.6.ebuild,
+ files/99_mod_security.conf, files/mod_security.conf:
+ Initial version,e build written by dju` <dju @ elegiac.net>.
+ Closes #32190.
+
diff --git a/net-www/mod_security/Manifest b/net-www/mod_security/Manifest
new file mode 100644
index 000000000000..c62e473ac575
--- /dev/null
+++ b/net-www/mod_security/Manifest
@@ -0,0 +1,2 @@
+MD5 7fbf85aa71902b2efb900e4c8f58cca5 mod_security-1.7.6.ebuild 1211
+MD5 93b283b1aef242964a12edd89989d103 files/digest-mod_security-1.7.6 70
diff --git a/net-www/mod_security/files/99_mod_security.conf b/net-www/mod_security/files/99_mod_security.conf
new file mode 100644
index 000000000000..4b2cb1b36cc6
--- /dev/null
+++ b/net-www/mod_security/files/99_mod_security.conf
@@ -0,0 +1,123 @@
+<IfDefine SECURITY>
+ <IfModule !mod_security.c>
+ LoadModule security_module extramodules/mod_security.so
+ </IfModule>
+</IfDefine>
+
+# Examples below are taken from the online documentation
+# Refer to:
+# http://www.modsecurity.org/documentation/quick-examples.html
+
+<IfModule mod_security.c>
+
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 32 126
+
+ # The audit engine works independently and
+ # can be turned On of Off on the per-server or
+ # on the per-directory basis. "On" will log everything,
+ # "DynamicOrRelevant" will log dynamic requests or violations,
+ # and "RelevantOnly" will only log policy violations
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # Action to take by default
+ SecFilterDefaultAction "deny,log,status:500"
+
+ # Redirect user on filter match
+ SecFilter xxx redirect:http://www.webkreator.com
+
+ # Execute the external script on filter match
+ SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl
+
+ # Simple filter
+ SecFilter 111
+
+ # Only check the QUERY_STRING variable
+ SecFilterSelective QUERY_STRING 222
+
+ # Only check the body of the POST request
+ SecFilterSelective POST_PAYLOAD 333
+
+ # Only check arguments (will work for GET and POST)
+ SecFilterSelective ARGS 444
+
+ # Test filter
+ SecFilter "/cgi-bin/modsec-test.pl/keyword"
+
+ # Another test filter, will be denied with 404 but not logged
+ # action supplied as a parameter overrides the default action
+ SecFilter 999 "deny,nolog,status:500"
+
+ # Prevent OS specific keywords
+ SecFilter /etc/passwd
+
+ # Prevent path traversal (..) attacks
+ SecFilter "\.\./"
+
+ # Weaker XSS protection but allows common HTML tags
+ SecFilter "<[[:space:]]*script"
+
+ # Prevent XSS atacks (HTML/Javascript injection)
+ SecFilter "<(.|\n)+>"
+
+ # Very crude filters to prevent SQL injection attacks
+ SecFilter "delete[[:space:]]+from"
+ SecFilter "insert[[:space:]]+into"
+ SecFilter "select.+from"
+
+ # Require HTTP_USER_AGENT and HTTP_HOST headers
+ SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+ # Forbid file upload
+ SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
+
+ # Only watch argument p1
+ SecFilterSelective "ARG_p1" 555
+
+ # Watch all arguments except p1
+ SecFilterSelective "ARGS|!ARG_p2" 666
+
+ # Only allow our own test utility to send requests (or Mozilla)
+ SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
+
+ # Do not allow variables with this name
+ SecFilterSelective ARGS_NAMES 777
+
+ # Do now allow this variable value (names are ok)
+ SecFilterSelective ARGS_VALUES 888
+
+ # Test for a POST variable parsing bug, see test #41
+ SecFilterSelective ARG_p2 AAA
+
+ # Stop spamming through FormMail
+ # note the exclamation mark at the beginning
+ # of the filter - only requests that match this regex will
+ # be allowed
+ <Location /cgi-bin/FormMail>
+ SecFilterSelective "ARG_recipient" "!@webkreator.com$"
+ </Location>
+
+ # when allowing upload, only allow images
+ # note that this is not foolproof, a determined attacker
+ # could get around this
+ <Location /fileupload.php>
+ SecFilterInheritance Off
+ SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
+ </Location>
+
+</IfModule>
diff --git a/net-www/mod_security/files/digest-mod_security-1.7.6 b/net-www/mod_security/files/digest-mod_security-1.7.6
new file mode 100644
index 000000000000..0fa61fbcdf47
--- /dev/null
+++ b/net-www/mod_security/files/digest-mod_security-1.7.6
@@ -0,0 +1 @@
+MD5 2be3a3a4ac98a95580e5c01d2d5b3b88 mod_security-1.7.6.tar.gz 272864
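Review bot: The installed default config copies the upstream quick-examples verbatim, and several of those demonstration rules will deny legitimate traffic on any site that enables it: `SecFilter 111` (likewise 222–888 and AAA) rejects any request containing that string, `SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"` answers every non-Mozilla client with the default `deny,log,status:500`, `SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data` blocks all uploads, and `SecFilter "<(.|\n)+>"` rejects any argument that contains a tag. The `SecFilter xxx redirect:http://www.webkreator.com` placeholder, the `exec:/home/users/ivanr/apache/bin/report-attack.pl` hook and the `/cgi-bin/FormMail` recipient rule are the upstream author's own test setup, not a default a package should ship. Keep the engine settings (SecFilterEngine, SecFilterCheckURLEncoding, SecFilterForceByteRange, SecAuditEngine, SecFilterScanPOST, SecFilterDefaultAction) and the generic traversal/XSS/SQL filters, and comment out the example filters so the admin opts into them deliberately. The comment on the `999` filter says it is "denied with 404" while the action is `status:500`; one of the two should change. files/mod_security.conf duplicates exactly the same rule set and needs the same trimming.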
diff --git a/net-www/mod_security/files/mod_security.conf b/net-www/mod_security/files/mod_security.conf
new file mode 100644
index 000000000000..186eaf58b46f
--- /dev/null
+++ b/net-www/mod_security/files/mod_security.conf
@@ -0,0 +1,113 @@
+<IfModule mod_security.c>
+
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 32 126
+
+ # The audit engine works independently and
+ # can be turned On of Off on the per-server or
+ # on the per-directory basis. "On" will log everything,
+ # "DynamicOrRelevant" will log dynamic requests or violations,
+ # and "RelevantOnly" will only log policy violations
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # Action to take by default
+ SecFilterDefaultAction "deny,log,status:500"
+
+ # Redirect user on filter match
+ SecFilter xxx redirect:http://www.webkreator.com
+
+ # Execute the external script on filter match
+ SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl
+
+ # Simple filter
+ SecFilter 111
+
+ # Only check the QUERY_STRING variable
+ SecFilterSelective QUERY_STRING 222
+
+ # Only check the body of the POST request
+ SecFilterSelective POST_PAYLOAD 333
+
+ # Only check arguments (will work for GET and POST)
+ SecFilterSelective ARGS 444
+
+ # Test filter
+ SecFilter "/cgi-bin/modsec-test.pl/keyword"
+
+ # Another test filter, will be denied with 404 but not logged
+ # action supplied as a parameter overrides the default action
+ SecFilter 999 "deny,nolog,status:500"
+
+ # Prevent OS specific keywords
+ SecFilter /etc/passwd
+
+ # Prevent path traversal (..) attacks
+ SecFilter "\.\./"
+
+ # Weaker XSS protection but allows common HTML tags
+ SecFilter "<[[:space:]]*script"
+
+ # Prevent XSS atacks (HTML/Javascript injection)
+ SecFilter "<(.|\n)+>"
+
+ # Very crude filters to prevent SQL injection attacks
+ SecFilter "delete[[:space:]]+from"
+ SecFilter "insert[[:space:]]+into"
+ SecFilter "select.+from"
+
+ # Require HTTP_USER_AGENT and HTTP_HOST headers
+ SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+ # Forbid file upload
+ SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
+
+ # Only watch argument p1
+ SecFilterSelective "ARG_p1" 555
+
+ # Watch all arguments except p1
+ SecFilterSelective "ARGS|!ARG_p2" 666
+
+ # Only allow our own test utility to send requests (or Mozilla)
+ SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
+
+ # Do not allow variables with this name
+ SecFilterSelective ARGS_NAMES 777
+
+ # Do now allow this variable value (names are ok)
+ SecFilterSelective ARGS_VALUES 888
+
+ # Test for a POST variable parsing bug, see test #41
+ SecFilterSelective ARG_p2 AAA
+
+ # Stop spamming through FormMail
+ # note the exclamation mark at the beginning
+ # of the filter - only requests that match this regex will
+ # be allowed
+ <Location /cgi-bin/FormMail>
+ SecFilterSelective "ARG_recipient" "!@webkreator.com$"
+ </Location>
+
+ # when allowing upload, only allow images
+ # note that this is not foolproof, a determined attacker
+ # could get around this
+ <Location /fileupload.php>
+ SecFilterInheritance Off
+ SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
+ </Location>
+
+</IfModule>
diff --git a/net-www/mod_security/metadata.xml b/net-www/mod_security/metadata.xml
new file mode 100644
index 000000000000..bcaabdbbd0d3
--- /dev/null
+++ b/net-www/mod_security/metadata.xml
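Review bot: Nothing in this Apache 1 config loads the module: it opens straight with `<IfModule mod_security.c>`, so unless the server's main config loads `mod_security.so` by some other means (which I cannot see from here) the whole block is inert and the ebuild's `doexe` into `/usr/lib/apache-extramodules/` is never referenced. The apache2 counterpart wraps a `LoadModule` in `<IfDefine SECURITY>`; mirroring that here, before the `<IfModule>` line, would make the install actually take effect when the admin opts in: `<IfDefine SECURITY>`, `LoadModule security_module /usr/lib/apache-extramodules/mod_security.so`, `</IfDefine>`. A short comment at the top saying that the module is only activated with `-D SECURITY` would save the admin a silent no-op.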
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>apache</herd>
+<longdescription>
+The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
+</longdescription>
+</pkgmetadata>
diff --git a/net-www/mod_security/mod_security-1.7.6.ebuild b/net-www/mod_security/mod_security-1.7.6.ebuild
new file mode 100644
index 000000000000..f8439a25c3bf
--- /dev/null
+++ b/net-www/mod_security/mod_security-1.7.6.ebuild
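Review bot: The `<longdescription>` describes the Apache HTTP Server Project, not this package; it looks copied from the apache metadata. It should describe mod_security itself, consistent with the ebuild's `DESCRIPTION="Intrusion Detection System for apache"`, e.g. `mod_security is an intrusion detection and prevention module for the Apache web server. It inspects incoming requests, including POST payloads, against a configurable set of filters and logs or denies requests that match.`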
@@ -0,0 +1,36 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/mod_security-1.7.6.ebuild,v 1.1 2004/06/04 01:30:14 zul Exp $
+
+DESCRIPTION="Intrusion Detection System for apache"
+HOMEPAGE="http://www.modsecurity.org"
+SRC_URI="http://www.modsecurity.org/download/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE="apache2 doc"
+DEPEND="apache2? ( =net-www/apache-2* )
+ !apache2? ( =net-www/apache-1* )"
+
+src_compile() {
+ use apache2 || apxs -S LIBEXECDIR=${S} -ci ${S}/apache1/mod_security.c
+ use apache2 && apxs2 -S LIBEXECDIR=${S} -ci ${S}/apache2/mod_security.c
+}
+
+src_install() {
+ use apache2 || exeinto /usr/lib/apache-extramodules/
+ use apache2 && exeinto /usr/lib/apache2-extramodules/
+ doexe ${S}/mod_security.so
+ dodoc CHANGES httpd.conf.example-full httpd.conf.example-minimal INSTALL LICENSE README
+ use doc && dodoc modsecurity-manual-1.7.4.pdf
+
+ if use apache2; then
+ einfo "Installing a Apache2 config for mod_security (99_mod_security.conf)"
+ insinto /etc/apache2/conf/modules.d
+ doins ${FILESDIR}/99_mod_security.conf
+ else
+ einfo "Installing a Apache config for mod_security (mod_security.conf)"
+ insinto /etc/apache/conf/addon-modules
+ doins ${FILESDIR}/mod_security.conf
+ fi
+}
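Review bot: `src_compile` discards the exit status of `apxs`/`apxs2`: the `use apache2 || …` and `use apache2 && …` forms let a failed compile fall through, so the merge proceeds into `src_install` and `doexe ${S}/mod_security.so` then fails on a missing file (or picks up whatever is left in `${S}`). Rewrite it as an if/else with `|| die`, and treat the `exeinto` pair in `src_install` the same way so the install path is chosen explicitly rather than by side effect. The apache2 branch installs a config whose `LoadModule` sits inside `<IfDefine SECURITY>`, so the `einfo` should also tell the admin that the module is only loaded when `-D SECURITY` is passed to apache2 (`APACHE2_OPTS` in `/etc/conf.d/apache2`); as written the install looks complete but does nothing until that is set.
```shell
src_compile() {
	if use apache2; then
		apxs2 -S LIBEXECDIR=${S} -ci ${S}/apache2/mod_security.c || die "apxs2 failed"
	else
		apxs -S LIBEXECDIR=${S} -ci ${S}/apache1/mod_security.c || die "apxs failed"
	fi
}
# … unchanged: src_install (apply the same if/else to the exeinto pair) …
```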