Commit
614b23b1
authored
Aug 25, 2014
by
Till Brehm
Added apache directives check against regex blacklist in security settings.
parent
b18d6ed6
Showing
27 changed files
with
79 additions
and
2 deletions
+79
-2
interface/lib/classes/IDS/Monitor.php
interface/lib/classes/IDS/Monitor.php
+2
-2
interface/lib/classes/validate_domain.inc.php
interface/lib/classes/validate_domain.inc.php
+40
-0
interface/web/sites/form/web_domain.tform.php
interface/web/sites/form/web_domain.tform.php
+7
-0
interface/web/sites/form/web_vhost_subdomain.tform.php
interface/web/sites/form/web_vhost_subdomain.tform.php
+7
-0
interface/web/sites/lib/lang/ar_web_domain.lng
interface/web/sites/lib/lang/ar_web_domain.lng
+1
-0
interface/web/sites/lib/lang/bg_web_domain.lng
interface/web/sites/lib/lang/bg_web_domain.lng
+1
-0
interface/web/sites/lib/lang/br_web_domain.lng
interface/web/sites/lib/lang/br_web_domain.lng
+1
-0
interface/web/sites/lib/lang/cz_web_domain.lng
interface/web/sites/lib/lang/cz_web_domain.lng
+1
-0
interface/web/sites/lib/lang/de_web_domain.lng
interface/web/sites/lib/lang/de_web_domain.lng
+1
-0
interface/web/sites/lib/lang/el_web_domain.lng
interface/web/sites/lib/lang/el_web_domain.lng
+1
-0
interface/web/sites/lib/lang/en_web_domain.lng
interface/web/sites/lib/lang/en_web_domain.lng
+1
-0
interface/web/sites/lib/lang/es_web_domain.lng
interface/web/sites/lib/lang/es_web_domain.lng
+1
-0
interface/web/sites/lib/lang/fi_web_domain.lng
interface/web/sites/lib/lang/fi_web_domain.lng
+1
-0
interface/web/sites/lib/lang/fr_web_domain.lng
interface/web/sites/lib/lang/fr_web_domain.lng
+1
-0
interface/web/sites/lib/lang/hr_web_domain.lng
interface/web/sites/lib/lang/hr_web_domain.lng
+1
-0
interface/web/sites/lib/lang/hu_web_domain.lng
interface/web/sites/lib/lang/hu_web_domain.lng
+1
-0
interface/web/sites/lib/lang/id_web_domain.lng
interface/web/sites/lib/lang/id_web_domain.lng
+1
-0
interface/web/sites/lib/lang/it_web_domain.lng
interface/web/sites/lib/lang/it_web_domain.lng
+1
-0
interface/web/sites/lib/lang/ja_web_domain.lng
interface/web/sites/lib/lang/ja_web_domain.lng
+1
-0
interface/web/sites/lib/lang/nl_web_domain.lng
interface/web/sites/lib/lang/nl_web_domain.lng
+1
-0
interface/web/sites/lib/lang/pl_web_domain.lng
interface/web/sites/lib/lang/pl_web_domain.lng
+1
-0
interface/web/sites/lib/lang/pt_web_domain.lng
interface/web/sites/lib/lang/pt_web_domain.lng
+1
-0
interface/web/sites/lib/lang/ro_web_domain.lng
interface/web/sites/lib/lang/ro_web_domain.lng
+1
-0
interface/web/sites/lib/lang/ru_web_domain.lng
interface/web/sites/lib/lang/ru_web_domain.lng
+1
-0
interface/web/sites/lib/lang/se_web_domain.lng
interface/web/sites/lib/lang/se_web_domain.lng
+1
-0
interface/web/sites/lib/lang/sk_web_domain.lng
interface/web/sites/lib/lang/sk_web_domain.lng
+1
-0
interface/web/sites/lib/lang/tr_web_domain.lng
interface/web/sites/lib/lang/tr_web_domain.lng
+1
-0
interface/lib/classes/IDS/Monitor.php
...
...
@@ -250,7 +250,7 @@ class Monitor
$filterSet
=
$this
->
storage
->
getFilterSet
();
if
(
$tags
=
$this
->
tags
)
{
$filterSet
=
array_filter
(
$filterSet
=
@
array_filter
(
$filterSet
,
function
(
Filter
$filter
)
use
(
$tags
)
{
return
(
bool
)
array_intersect
(
$tags
,
$filter
->
getTags
());
...
...
@@ -259,7 +259,7 @@ class Monitor
}
$scanKeys
=
$this
->
scanKeys
;
$filterSet
=
array_filter
(
$filterSet
=
@
array_filter
(
$filterSet
,
function
(
Filter
$filter
)
use
(
$key
,
$value
,
$scanKeys
)
{
return
$filter
->
match
(
$value
)
||
$scanKeys
&&
$filter
->
match
(
$key
);
...
...
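Review bot: The `@` added in front of both `array_filter()` calls silences every warning raised inside the filter callbacks, including any raised by `$filter->match()`; if a filter rule fails to evaluate, that would presumably go unnoticed and the rule would simply never match. If the aim is to hide one known notice, fix or guard that cause and keep the calls unsuppressed, or at least record the reason in a comment such as `// @ hides <specific warning> raised by array_filter, see <issue id>`. This file looks like a bundled third-party library, so a local patch may also be lost on the next upgrade. The enclosing method starts and ends outside both hunks, so the source of the warning is not visible here.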
interface/lib/classes/validate_domain.inc.php
...
...
@@ -97,6 +97,45 @@ class validate_domain {
$result
=
$this
->
_check_unique
(
$field_value
.
'.'
.
$check_domain
,
true
);
if
(
!
$result
)
return
$this
->
get_error
(
'domain_error_autosub'
);
}
/* Check apache directives */
function
web_apache_directives
(
$field_name
,
$field_value
,
$validator
)
{
global
$app
;
if
(
trim
(
$field_value
)
!=
''
)
{
$security_config
=
$app
->
getconf
->
get_security_config
(
'ids'
);
if
(
$security_config
[
'apache_directives_scan_enabled'
]
==
'yes'
)
{
// Get blacklist
$blacklist_path
=
'/usr/local/ispconfig/security/apache_directives.blacklist'
;
if
(
is_file
(
'/usr/local/ispconfig/security/apache_directives.blacklist.custom'
))
$blacklist_path
=
'/usr/local/ispconfig/security/apache_directives.blacklist.custom'
;
if
(
!
is_file
(
$blacklist_path
))
$blacklist_path
=
realpath
(
ISPC_ROOT_PATH
.
'/../security/apache_directives.blacklist'
);
$directives
=
explode
(
"
\n
"
,
$field_value
);
$regex
=
explode
(
"
\n
"
,
file_get_contents
(
$blacklist_path
));
$blocked
=
false
;
$blocked_line
=
''
;
if
(
is_array
(
$directives
)
&&
is_array
(
$regex
))
{
foreach
(
$directives
as
$directive
)
{
$directive
=
trim
(
$directive
);
foreach
(
$regex
as
$r
)
{
if
(
preg_match
(
trim
(
$r
),
$directive
))
{
$blocked
=
true
;
$blocked_line
=
$directive
;
};
}
}
}
}
}
if
(
$blocked
===
true
)
{
return
$this
->
get_error
(
'apache_directive_blocked_error'
)
.
' '
.
$blocked_line
;
}
}
/* internal validator function to match regexp */
function
_regex_validate
(
$domain_name
,
$allow_wildcard
=
false
)
{
...
...
@@ -175,5 +214,6 @@ class validate_domain {
}
return
true
;
// admin may always add wildcard domain
}
}
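Review bot: The new check in web_apache_directives() fails open when the blacklist cannot be read: a `false` from `file_get_contents()` goes straight into `explode()`, which yields a single empty pattern, and `preg_match()` on an empty or invalid pattern returns `false` with a warning, so nothing is blocked. Blank lines in the blacklist file (a trailing newline, for example) hit the same path. I would return a validation error when the file cannot be read, skip empty patterns with `$r = trim($r); if($r == '') continue;`, and treat a `false` result from `preg_match()` as an error to log rather than as "no match". Separately, `$blocked` and `$blocked_line` are assigned only inside the two nested `if` blocks, so with an empty field or the scan disabled the final `if($blocked === true)` reads an undefined variable; move `$blocked = false; $blocked_line = '';` to the top of the function. The returned message appends the raw `$blocked_line`, so confirm that the form layer HTML-escapes validator errors before display.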
interface/web/sites/form/web_domain.tform.php
...
...
@@ -730,6 +730,13 @@ if($_SESSION["s"]["user"]["typ"] == 'admin') {
'apache_directives'
=>
array
(
'datatype'
=>
'TEXT'
,
'formtype'
=>
'TEXT'
,
'validators'
=>
array
(
0
=>
array
(
'type'
=>
'CUSTOM'
,
'class'
=>
'validate_domain'
,
'function'
=>
'web_apache_directives'
,
'errmsg'
=>
'apache_directive_blockd_error'
),
),
'default'
=>
''
,
'value'
=>
''
,
'width'
=>
'30'
,
...
...
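Review bot: The `errmsg` value in the new validator entry is spelled `apache_directive_blockd_error`, while the language files in this commit define `apache_directive_blocked_error` and web_apache_directives() passes that spelling to get_error(). If the form layer resolves `errmsg` for CUSTOM validators, the lookup would miss and presumably show the raw key; change it to `'errmsg' => 'apache_directive_blocked_error'`. The same misspelling is in the identical entry added to interface/web/sites/form/web_vhost_subdomain.tform.php. The surrounding field array starts and ends outside the hunk.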
interface/web/sites/form/web_vhost_subdomain.tform.php
...
...
@@ -706,6 +706,13 @@ if($_SESSION["s"]["user"]["typ"] == 'admin') {
'apache_directives'
=>
array
(
'datatype'
=>
'TEXT'
,
'formtype'
=>
'TEXT'
,
'validators'
=>
array
(
0
=>
array
(
'type'
=>
'CUSTOM'
,
'class'
=>
'validate_domain'
,
'function'
=>
'web_apache_directives'
,
'errmsg'
=>
'apache_directive_blockd_error'
),
),
'default'
=>
''
,
'value'
=>
''
,
'width'
=>
'30'
,
...
...
interface/web/sites/lib/lang/ar_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/bg_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/br_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/cz_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Oddělte více adresářů čárkami. Vzor:
$wb
[
'backup_excludes_error_regex'
]
=
'Vyloučené adresáře obsahují neplatné znaky.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Neplatné nastavení php.ini'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/de_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Mehrere Verzeichnisse mit Kommas trennen. Be
$wb
[
'backup_excludes_error_regex'
]
=
'Die auszuschließenden Verzeichnisse enthalten ungültige Zeichen.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Unzulässige php.ini-Einstellungen'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Die Apache Direktive wurde durch die Sicherheitsrichtline blockiert:'
;
?>
interface/web/sites/lib/lang/el_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/en_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
\ No newline at end of file
interface/web/sites/lib/lang/es_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/fi_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/fr_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/hr_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/hu_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/id_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/it_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/ja_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/nl_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/pl_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/pt_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/ro_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/ru_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/se_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Ogiltiga php.ini-inställningar'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/sk_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>
interface/web/sites/lib/lang/tr_web_domain.lng
...
...
@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb
[
'backup_excludes_error_regex'
]
=
'The excluded directories contain invalid characters.'
;
$wb
[
'invalid_custom_php_ini_settings_txt'
]
=
'Invalid php.ini settings'
;
$wb
[
'invalid_system_user_or_group_txt'
]
=
'Invalid system user or group'
;
$wb
[
'apache_directive_blocked_error'
]
=
'Apache directive blocked by security settings:'
;
?>