Commit 614b23b1 authored by Till Brehm's avatar Till Brehm

Added apache directives check against regex blacklist in security settings.

parent b18d6ed6
......@@ -250,7 +250,7 @@ class Monitor
$filterSet = $this->storage->getFilterSet();
if ($tags = $this->tags) {
$filterSet = array_filter(
$filterSet = @array_filter(
$filterSet,
function (Filter $filter) use ($tags) {
return (bool) array_intersect($tags, $filter->getTags());
......@@ -259,7 +259,7 @@ class Monitor
}
$scanKeys = $this->scanKeys;
$filterSet = array_filter(
$filterSet = @array_filter(
$filterSet,
function (Filter $filter) use ($key, $value, $scanKeys) {
return $filter->match($value) || $scanKeys && $filter->match($key);
......
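Review bot: The `@` added in front of both `array_filter()` calls silences every warning raised while the callbacks run, including anything emitted from `$filter->match()` in the second call, so a filter rule that fails to evaluate would simply stop matching without leaving a trace in the logs. On the IDS scan path that is a detection gap rather than a cosmetic issue. `match()` is not visible here, so it is unclear which warning prompted the suppression; I would keep `$filterSet = array_filter(` and fix or narrowly handle that specific warning, or at least add a comment naming it. Both hunks are cut inside the closures, so the rest of each callback is outside this view.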
......@@ -97,6 +97,45 @@ class validate_domain {
$result = $this->_check_unique($field_value . '.' . $check_domain, true);
if(!$result) return $this->get_error('domain_error_autosub');
}
/* Check apache directives */
function web_apache_directives($field_name, $field_value, $validator) {
global $app;
if(trim($field_value) != '') {
$security_config = $app->getconf->get_security_config('ids');
if($security_config['apache_directives_scan_enabled'] == 'yes') {
// Get blacklist
$blacklist_path = '/usr/local/ispconfig/security/apache_directives.blacklist';
if(is_file('/usr/local/ispconfig/security/apache_directives.blacklist.custom')) $blacklist_path = '/usr/local/ispconfig/security/apache_directives.blacklist.custom';
if(!is_file($blacklist_path)) $blacklist_path = realpath(ISPC_ROOT_PATH.'/../security/apache_directives.blacklist');
$directives = explode("\n",$field_value);
$regex = explode("\n",file_get_contents($blacklist_path));
$blocked = false;
$blocked_line = '';
if(is_array($directives) && is_array($regex)) {
foreach($directives as $directive) {
$directive = trim($directive);
foreach($regex as $r) {
if(preg_match(trim($r),$directive)) {
$blocked = true;
$blocked_line = $directive;
};
}
}
}
}
}
if($blocked === true) {
return $this->get_error('apache_directive_blocked_error').' '.$blocked_line;
}
}
/* internal validator function to match regexp */
function _regex_validate($domain_name, $allow_wildcard = false) {
......@@ -175,5 +214,6 @@ class validate_domain {
}
return true; // admin may always add wildcard domain
}
}
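Review bot: The check in `web_apache_directives()` fails open when the blacklist cannot be read or a pattern is unusable: the result of `file_get_contents($blacklist_path)` is never tested (and `realpath()` can return false), blank lines in the file reach `preg_match()` as an empty pattern, and a `false` return from `preg_match()` is treated the same as "no match". `$blocked` and `$blocked_line` are also assigned only inside the two inner `if` blocks but read after them, so an empty field or a disabled scan reads undefined variables. I would initialise both at the top, skip empty patterns, stop at the first hit, and treat an unreadable blacklist or a pattern error as a block; whether failing closed is the wanted policy is the maintainers' call. The blocked line is appended to the error text as-is, so it is worth confirming that the form layer escapes it on output.

```php
function web_apache_directives($field_name, $field_value, $validator) {
	global $app;
	// Initialise before any branch so the final check never reads an undefined variable.
	$blocked = false;
	$blocked_line = '';
	// … unchanged: empty-field check, security config lookup, blacklist path selection …
	$blacklist = ($blacklist_path !== false) ? file_get_contents($blacklist_path) : false;
	if($blacklist === false) {
		// Fail closed: without a readable blacklist nothing can be vetted.
		return $this->get_error('apache_directive_blocked_error');
	}
	// Drop blank lines so an empty pattern never reaches preg_match().
	$regex = array_filter(array_map('trim', explode("\n", $blacklist)), 'strlen');
	foreach(explode("\n", $field_value) as $directive) {
		$directive = trim($directive);
		foreach($regex as $r) {
			// preg_match() returns false for a broken pattern; treat that as a block, not a pass.
			if(preg_match($r, $directive) !== 0) {
				$blocked = true;
				$blocked_line = $directive;
				break 2;
			}
		}
	}
	// … unchanged: closing braces and the $blocked === true error return …
```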
......@@ -730,6 +730,13 @@ if($_SESSION["s"]["user"]["typ"] == 'admin') {
'apache_directives' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXT',
'validators' => array ( 0 => array(
'type' => 'CUSTOM',
'class' => 'validate_domain',
'function' => 'web_apache_directives',
'errmsg' => 'apache_directive_blockd_error'
),
),
'default' => '',
'value' => '',
'width' => '30',
......
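Review bot: The `errmsg` key is spelled `apache_directive_blockd_error`, while the language files in this commit define `apache_directive_blocked_error`; the same typo appears in the second form definition further down. If the form layer ever falls back to `errmsg` for CUSTOM validators, the user would see the raw key instead of the message, so I would change it to `'errmsg' => 'apache_directive_blocked_error'` in both places. The hunk header suggests the validator sits inside the `typ == 'admin'` branch; whether `apache_directives` can be written through any other form or API path without this validator is not visible here and is worth checking.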
......@@ -706,6 +706,13 @@ if($_SESSION["s"]["user"]["typ"] == 'admin') {
'apache_directives' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXT',
'validators' => array ( 0 => array(
'type' => 'CUSTOM',
'class' => 'validate_domain',
'function' => 'web_apache_directives',
'errmsg' => 'apache_directive_blockd_error'
),
),
'default' => '',
'value' => '',
'width' => '30',
......
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Oddělte více adresářů čárkami. Vzor:
$wb['backup_excludes_error_regex'] = 'Vyloučené adresáře obsahují neplatné znaky.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Neplatné nastavení php.ini';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Mehrere Verzeichnisse mit Kommas trennen. Be
$wb['backup_excludes_error_regex'] = 'Die auszuschließenden Verzeichnisse enthalten ungültige Zeichen.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Unzulässige php.ini-Einstellungen';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Die Apache Direktive wurde durch die Sicherheitsrichtline blockiert:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
\ No newline at end of file
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Ogiltiga php.ini-inställningar';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>
......@@ -128,4 +128,5 @@ $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. E
$wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['apache_directive_blocked_error'] = 'Apache directive blocked by security settings:';
?>