Sécurité.Org
Apache::Secfilter Man Page
Apache::Secfilter - Verify and secure requests to Web servers

NAME

Apache::Secfilter - Verify and secure requests to Web servers


SYNOPSIS

# httpd.conf

    <Location />
    SetHandler perl-script
    PerlHandler Apache::OutputChain Apache::Secfilter Apache::ReverseProxy
    PerlSetvar ReverseProxyConfig /usr/local/apache/conf/rproxy.conf

    PerlAddvar Class ALPHA:^[a-zA-Z]*$
    PerlAddvar Class NUM:^[0-9]*$
    PerlSetvar Action remove
    </Location>

# HTML page

    <FORM ACTION="/script.cgi" METHOD="GET">
    <INPUT TYPE="TEXT" NAME="field1" CLASS="ALPHA[10]">
    <INPUT TYPE="TEXT" NAME="field2" CLASS="NUM[5]">
    <INPUT TYPE="submit">
    </FORM>


DESCRIPTION

Secure filter for a reverse proxy. This module adds a signature to links and forms, and verifies the integrity of the requests.

The initial link or form is given a signed argument or a hidden input carrying the information needed to verify the request when the client submits it.

Within the HTML form, you can add a class and length specification for each input. If not specified, the DEFAULT class and default length will be used.


REQUIREMENTS

You will need to have mod_perl installed in order to use this package.

The following Perl modules are required: Digest::MD5, MIME::Base64, HTML::Parser, Apache::ReverseProxy, Apache::OutputChain


CONFIGURATION

This module is configured from the Apache configuration file.

PerlAddvar Class <Classname>:<regexp>
    Defines a new class or overrides a predefined one.
    The regexp is used as is in the module (see man perlre).
PerlSetvar DefaultLength <size>
    Defines the default length of an argument value to use if not specified in the form. If set to 0, the length won't be checked.
PerlSetvar Action [remove, empty, keep, reject]
    Defines the action to take when a query argument doesn't match the class specification or was not in the initial form or link. The default action is to remove the argument from the query before passing it to the server. reject will block the bad request.

    reject is NOT IMPLEMENTED yet.
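
The following is an added example, not code from Apache::Secfilter: it sketches how a signed field specification and the Action setting can work together, using the ALPHA and NUM classes from the SYNOPSIS. The key, the token layout, the function names `sign_spec` and `filter_query`, and the reading of `empty` (blank the value) and `keep` (forward unchanged) are assumptions; it uses HMAC-SHA256 from Digest::SHA rather than the Digest::MD5 listed under REQUIREMENTS, because the page does not describe the module's signature construction.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical names and token layout; not taken from Apache::Secfilter.
my $KEY = 'constructed-demo-key';                 # constructed sample secret
my %CLASS = (ALPHA => qr/^[a-zA-Z]*$/, NUM => qr/^[0-9]*$/);   # from the SYNOPSIS
my $DEFAULT_LENGTH = 0;                           # 0 = length not checked

# Value for the hidden input: base64(action;field=CLASS[len];...) . "." . HMAC
sub sign_spec {
    my ($action_url, %fields) = @_;
    my $spec = join ';', $action_url,
        map { $_ . '=' . $fields{$_} } sort keys %fields;
    my $b64 = encode_base64($spec, '');
    return $b64 . '.' . hmac_sha256_hex($b64, $KEY);
}

# Check the token, then apply the Action to every submitted argument.
# Returns a hash ref of arguments to forward, or undef if the token is bad.
sub filter_query {
    my ($action_url, $token, $action, %args) = @_;
    my ($b64, $mac) = split /\./, $token, 2;
    # Demo comparison; production code should compare in constant time.
    return unless defined $mac && hmac_sha256_hex($b64, $KEY) eq $mac;
    my ($url, @pairs) = split /;/, decode_base64($b64);
    return unless defined $url && $url eq $action_url;
    my %spec = map { my ($n, $c) = split /=/, $_, 2; ($n => $c) } @pairs;
    my %out;
    for my $name (keys %args) {
        my ($class, $len) = ($spec{$name} // '') =~ /^(\w+)(?:\[(\d+)\])?$/;
        $len //= $DEFAULT_LENGTH;
        my $ok = defined $class && exists $CLASS{$class}
              && $args{$name} =~ $CLASS{$class}
              && (!$len || length($args{$name}) <= $len);
        if    ($ok)                { $out{$name} = $args{$name} }
        elsif ($action eq 'empty') { $out{$name} = '' }
        elsif ($action eq 'keep')  { $out{$name} = $args{$name} }
        # 'remove' (the default) forwards nothing for this argument
    }
    return \%out;
}

my $token = sign_spec('/script.cgi', field1 => 'ALPHA[10]', field2 => 'NUM[5]');
my $fwd = filter_query('/script.cgi', $token, 'remove',
    field1 => 'hello', field2 => '12x45', extra => '1');
print join('&', map { $_ . '=' . $fwd->{$_} } sort keys %$fwd), "\n";
```

In Perl, `$` also matches before a trailing newline, so a class regexp anchored with `\z` instead of `$` is the stricter choice when a value such as "123\n" must be refused.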


VERSION


0.1alpha


AUTHOR

Sebastien Lacoste-Seris <kaneda@securite.org>


SEE ALSO

Apache::OutputChain, Apache::ReverseProxy


COPYRIGHT

Copyright (c) 2001, Sebastien Lacoste-Seris. All rights reserved. This package is distributed under the terms of the GNU Public License.

