commit b5a619a3c20f775146895c2840bc35bcdecb71b0
parent db77203231375309af596594bdbab0ac29015c2d
Author: dankert <devnull@localhost>
Date: Sat, 27 Jan 2007 00:00:12 +0100
*** empty log message ***
Diffstat:
1 file changed, 39 insertions(+), 18 deletions(-)
diff --git a/doc/examples/mod-security.conf b/doc/examples/mod-security.conf
@@ -65,37 +65,54 @@
- # Parameter Whitelist
- SecFilterSelective ARGS_NAMES "!^(targetSubAction|subaction|action|oi|id|login_name|login_password|elementid|dbid|ok|screenwidth|src|text|obj[0-9]+|type|valueid|release|objectid1|objectid2|commit|ids|groupid|username|name|fullname|desc|description|templateid|tel|ldap_dn|style|is_admin|ok|act_password|password1?|password2|e?mail|random|timeout|code|confirm|addelement|addicon|addifempty|addifnotempty|elementid|iconid|ifemptyid|ifnotemptyid|with_icon|all_languages|writable|wiki|html|default_longtext)$"
-
-
+ # Parameter Whitelist (to be done, need a good way)
+ #SecFilterSelective ARGS_NAMES "!^(targetSubAction|subaction|action|oi|id)$" chain
+ #SecFilterSelective ARGS_NAMES "!^(login_name|login_password)$" chain
+ #SecFilterSelective ARGS_NAMES "!^(elementid|dbid|ok|screenwidth|src|text)$" chain
+ #SecFilterSelective ARGS_NAMES "!^(obj[0-9]+|type|valueid|release|objectid1|objectid2|commit|ids)$" chain
+ #SecFilterSelective ARGS_NAMES "!^(groupid|username|name|fullname|desc|description|templateid)$" chain
+ #SecFilterSelective ARGS_NAMES "!^(tel|ldap_dn|style|is_admin|ok|act_password|password1?|password2|e?mail|random|timeout|code|confirm)$" chain
+ #SecFilterSelective ARGS_NAMES "!^(addelement|addicon|addifempty|addifnotempty|elementid|iconid|ifemptyid|ifnotemptyid|with_icon|all_languages|writable|wiki|html|default_longtext|subtypes|subtype)$" chain
+ #SecFilterSelective ARGS_NAMES "!^(target_dir|ftp_url|ftp_passive|cmd_after_publish|content_negotiation|cut_index)$"
+
+ SecFilterSelective ARGS_NAMES "!^[a-z][a-z0-9_]*[0-9]*$"
# Einzelne Parameter
SecFilterSelective ARG_id "!^[0-9-]*$"
+
+ # Session-Id (ggf. anzupassen)
+ SecFilterSelective ARG_oi "!^[a-f0-9]*$"
+ SecFilterSelective ARG_PHPSESSID "!^[a-f0-9]*$"
+ SecFilterSelective ARG_sessionid "!^[a-f0-9]*$"
+ SecFilterSelective ARG_sid "!^[a-f0-9]*$"
- SecFilterSelective ARG_login_name "!^[A-Za-z0-9_-]*$"
+ SecFilterSelective ARG_login_name "!^[A-Za-z0-9_-]*$"
SecFilterSelective ARG_login_password "!^[A-Za-z0-9_-]*$"
- SecFilterSelective ARG_password1 "!^[A-Za-z0-9_-]*$"
- SecFilterSelective ARG_password2 "!^[A-Za-z0-9_-]*$"
+ SecFilterSelective ARG_password1 "!^[A-Za-z0-9_-]*$"
+ SecFilterSelective ARG_password2 "!^[A-Za-z0-9_-]*$"
+ SecFilterSelective ARG_password "!^[A-Za-z0-9_-]*$"
SecFilterSelective ARG_action "!^[a-z]*$"
SecFilterSelective ARG_subaction "!^[a-z]*$"
- SecFilterSelective ARG_oi "!^[a-f0-9]*$"
SecFilterSelective ARG_elementid "!^[0-9]*$"
SecFilterSelective ARG_objectid1 "!^[0-9]*$"
SecFilterSelective ARG_objectid2 "!^[0-9]*$"
SecFilterSelective ARG_dbid "!^[a-zA-Z0-9_-]*$"
- SecFilterSelective ARG_tel "!^[a-zA-Z0-9_-]*$"
+ SecFilterSelective ARG_tel "!^[a-zA-Z0-9_ -]*$"
SecFilterSelective ARG_desc "!^[a-zA-Z0-9_-]*$"
SecFilterSelective ARG_mail "!^[a-zA-Z0-9_\.@-]*$"
SecFilterSelective ARG_style "!^[a-zA-Z0-9_-]*$"
- SecFilterSelective ARG_ldap_dn "!^[a-zA-Z0-9_=;-]*$"
+ SecFilterSelective ARG_ldap_dn "!^[a-zA-Z0-9_=;,-]*$"
SecFilterSelective ARG_is_admin "!^1?$"
SecFilterSelective ARG_email "!^1?$"
SecFilterSelective ARG_random "!^1?$"
SecFilterSelective ARG_timeout "!^1?$"
+ SecFilterSelective ARG_cut_index "!^1?$"
+ SecFilterSelective ARG_content_negotiation "!^1?$"
+ SecFilterSelective ARG_ftp_passive "!^1?$"
+ #SecFilterSelective ARG_cmd_after_publish "!^[a-zA-Z0-9_\/]+$"
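Review bot: The new catch-all on parameter names, `SecFilterSelective ARGS_NAMES "!^[a-z][a-z0-9_]*[0-9]*$"`, rejects any name containing an uppercase letter, yet the same hunk adds a rule for `ARG_PHPSESSID` and the retained (commented) whitelist still lists `targetSubAction`; with the fallback later in this commit switched from `log,allow` to a bare `SecFilter ".*"`, requests carrying those names are presumably blocked outright, depending on the SecFilterDefaultAction configured outside this hunk. Either the name check should admit uppercase, e.g. `SecFilterSelective ARGS_NAMES "!^[A-Za-z][A-Za-z0-9_]*$"`, or the uppercase names should be confirmed unused; the trailing `[0-9]*` is redundant with the preceding `[a-z0-9_]*` either way. The new `ARG_password` rule also restricts password values to `[A-Za-z0-9_-]`, which turns away otherwise valid passwords containing punctuation and discourages stronger ones; if a shape check is wanted at all, a length bound is the safer choice.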
@@ -104,7 +121,10 @@
SecFilterSelective ARG_subaction "^(|project|object|projectmenu|administration|changepassword|register|registercode|registercommit|password|showlogin|login|logout|setnewpassword)$" allow
SecFilterSelective ARG_action "^folder$" chain
- SecFilterSelective ARG_subaction "^(|show|save|create|pub|prop|rights|createnewpage|createnewfolder|createnewlink|createnewfile|edit|changesequence|multiple)$" allow
+ SecFilterSelective ARG_subaction "^(|show|save|create|pub|prop|saveprop|rights|createnewpage|createnewfolder|createnewlink|createnewfile|edit|changesequence|multiple|order|settop|setbottom|select)$" allow
+
+ SecFilterSelective ARG_action "^(file|page|link|folder)$" chain
+ SecFilterSelective ARG_subaction "^(|aclform|addacl|delacl|pubnow)$" allow
SecFilterSelective ARG_action "^page$" chain
SecFilterSelective ARG_subaction "^(|show|save|edit|el|pub|prop|src|rights)$" allow
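Review bot: The new shared block `SecFilterSelective ARG_action "^(file|page|link|folder)$" chain` has no heading comment, unlike the sections elsewhere in this file, so a reader cannot tell why ACL and publish sub-actions are granted to all four object types in one place between the folder and page rules. A one-line comment such as `# ACL and publish sub-actions shared by file, page, link and folder` would document the intent. The empty alternative in `^(|aclform|addacl|delacl|pubnow)$` is already covered by the per-type rules around it (e.g. the `page` rule below allows an empty subaction), so `^(aclform|addacl|delacl|pubnow)$` would express the same policy without a second match for the empty case.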
@@ -113,13 +133,13 @@
SecFilterSelective ARG_subaction "^(|show|save|pub|prop|rights)$" allow
SecFilterSelective ARG_action "^link$" chain
- SecFilterSelective ARG_subaction "^(|show|save|pub|prop|rights)$" allow
+ SecFilterSelective ARG_subaction "^(|show|edit|save|pub|prop|rights)$" allow
SecFilterSelective ARG_action "^pageelement$" chain
- SecFilterSelective ARG_subaction "^(|save|editlink|editlongtext|archivelink|archivelongtext|diff)$" allow
+ SecFilterSelective ARG_subaction "^(|save|editlink|editlongtext|archivelink|archivelongtext|diff|savelongtext)$" allow
SecFilterSelective ARG_action "^(main|mainmenu)$" chain
- SecFilterSelective ARG_subaction "^(folder|page|pageelement|file|link|template|language|model|search|project|user|group)$" allow
+ SecFilterSelective ARG_subaction "^(folder|page|pageelement|file|link|template|language|model|search|project|user|group|element)$" allow
SecFilterSelective ARG_action "^template$" chain
SecFilterSelective ARG_subaction "^(|prop|el|listing|show|edit|src|srcaddelement)$" allow
@@ -146,13 +166,13 @@
SecFilterSelective ARG_subaction "^(|listing|add|edit|remove)$" allow
SecFilterSelective ARG_action "^search$" chain
- SecFilterSelective ARG_subaction "^(|prop|value)$" allow
+ SecFilterSelective ARG_subaction "^(|prop|content)$" allow
SecFilterSelective ARG_action "^project$" chain
SecFilterSelective ARG_subaction "^(|listing|edit|save|add|remove|maintanance)$" allow
SecFilterSelective ARG_action "^user$" chain
- SecFilterSelective ARG_subaction "^(|listing|edit|save|add|remove|groups|pw|rights|pwchange|addgrouptouser|delete)$" allow
+ SecFilterSelective ARG_subaction "^(|listing|edit|save|add|remove|groups|pw|rights|pwchange|addgrouptouser|adduser|delete)$" allow
SecFilterSelective ARG_action "^group$" chain
SecFilterSelective ARG_subaction "^(|listing|edit|save|add|remove|users)$" allow
@@ -161,13 +181,14 @@
SecFilterSelective ARG_subaction "^(|saveprofile|savepw)$" allow
SecFilterSelective ARG_action "^element$" chain
- SecFilterSelective ARG_subaction "^(|saveproperties)$" allow
+ SecFilterSelective ARG_subaction "^(|properties|saveproperties|name|remove|type|delete)$" allow
# Fallback: Alles ablehnen.
# Temporär alles loggen und erstmal trotzdem erlauben.
- SecFilter ".*" log,allow
+ #SecFilter ".*" log,allow
+ SecFilter ".*"
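Review bot: The comment above the fallback, `# Temporär alles loggen und erstmal trotzdem erlauben.`, now contradicts the rule beneath it: `SecFilter ".*" log,allow` is commented out and the replacement `SecFilter ".*"` carries no explicit action, so the outcome is whatever SecFilterDefaultAction is set to elsewhere in the file, which is not visible here. The comment should describe the new behaviour, e.g. `# Fallback: anything not explicitly allowed above is handled by SecFilterDefaultAction (expected: deny).`, and the default action should be confirmed to actually deny, since every `allow` rule above is now the only way a request gets through. The dead `#SecFilter ".*" log,allow` line can be removed once the allow list has been verified complete.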