rpms/mod_security/devel mod_security.conf, 1.2, 1.3 mod_security.spec, 1.3, 1.4
Michael G. Fleming (mfleming)
fedora-extras-commits at redhat.com
Sat Jul 9 11:58:46 UTC 2005
Author: mfleming
Update of /cvs/extras/rpms/mod_security/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30155
Modified Files:
mod_security.conf mod_security.spec
Log Message:
- Ruleset improvements
- Requires httpd-mmn so we only install w/appropriate httpd versions.
Index: mod_security.conf
===================================================================
RCS file: /cvs/extras/rpms/mod_security/devel/mod_security.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- mod_security.conf 9 Jul 2005 00:41:23 -0000 1.2
+++ mod_security.conf 9 Jul 2005 11:58:44 -0000 1.3
@@ -37,18 +37,18 @@
# SecFilter 111
# Prevent path traversal (..) attacks
- SecFilter "\.\./"
+ # SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
- SecFilter "<( |\n)*script"
+ # SecFilter "<( |\n)*script"
# Prevent XSS atacks (HTML/Javascript injection)
- SecFilter "<(.|\n)+>"
+ # SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks
- SecFilter "delete[[:space:]]+from"
- SecFilter "insert[[:space:]]+into"
- SecFilter "select.+from"
+ # SecFilter "delete[[:space:]]+from"
+ # SecFilter "insert[[:space:]]+into"
+ # SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
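Review bot: commenting out all six generic SecFilter lines (path traversal, both XSS patterns and the three SQL patterns) leaves only the empty User-Agent/Host check active in this part of the file, with nothing replacing the removed coverage. If false positives are the reason, consider narrowing rather than disabling: the `<( |\n)*script` pattern is already described as the variant that allows common HTML tags and could stay enabled, while `<(.|\n)+>` and `select.+from` match ordinary markup and ordinary English and are the likelier sources of noise. The comments above each disabled line still read as if the protection were in effect; a short note that these filters are off by default, and why, would help anyone re-enabling them later.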
Index: mod_security.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_security/devel/mod_security.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- mod_security.spec 9 Jul 2005 00:41:23 -0000 1.3
+++ mod_security.spec 9 Jul 2005 11:58:44 -0000 1.4
@@ -1,14 +1,15 @@
Summary: Security module for the Apache HTTP Server
Name: mod_security
Version: 1.8.7
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPL
URL: http://www.modsecurity.org/
Group: System Environment/Daemons
Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz
Source1: mod_security.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: httpd
+Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat
+%{_includedir}/httpd/.mmn || echo missing)
BuildRequires: httpd-devel
%description
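Review bot: the new Requires: value is split across two lines (the hunk grows from 14 to 15 lines and the continuation `%{_includedir}/httpd/.mmn || echo missing)` carries its own `+`), so the tag depends on the spec parser joining an unclosed `%(`; keep the whole expression on one line. Within it, `[ -a file ]` is better written as `[ -e file ]` or `[ -f file ]`, since `-a` is also the binary AND operator of `test` and reads ambiguously. The `echo missing` fallback yields `httpd-mmn = missing`, a package that builds but cannot be installed; if that is a deliberate fail-safe for a build without the `.mmn` file, a comment above the tag saying so would make the intent clear.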
@@ -40,6 +41,11 @@
%config(noreplace) /etc/httpd/conf.d/mod_security.conf
%changelog
+* Sat Jul 9 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-4
+- Add Requires: httpd-mmn to get the appropriate "module magic" version
+ (thanks Ville Skyttä)
+- Disabled an overly-agressive rule or two..
+
* Sat Jul 9 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-3
- Correct Buildroot
- Some sensible and safe rules for common apps in mod_security.conf
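Review bot: the entry "Disabled an overly-agressive rule or two.." understates the change, since the mod_security.conf revision in this same commit comments out six SecFilter lines covering path traversal, XSS and SQL injection. List the disabled categories here so administrators can see that the generic filters are now off by default. Because the file is packaged `%config(noreplace)`, a host upgraded with a locally edited config keeps the old filters while a fresh install does not, which is worth a mention too. Spelling: "agressive" should be "aggressive".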