Differences

tutorial:adm:server_preparation_tmp [2020/03/12 11:40]
urbanl [INSTALACTNI NAVOD]
tutorial:adm:server_preparation_tmp [2020/03/12 12:50]
urbanl [HTTPd installation and configuration]
Line 587: Line 587:
   ProxyPreserveHost on   ProxyPreserveHost on
   ProxyAddHeaders on   ProxyAddHeaders on
-  ProxyPass / ajp://127.0.0.1:8009/ +  ProxyPass / ajp://127.0.0.1:8009/ secret=**tomcat_ajp_secret** 
-  ProxyPassReverse / ajp://127.0.0.1:8009/+  ProxyPassReverse / ajp://127.0.0.1:8009/ secret=**tomcat_ajp_secret**
 </code> </code>
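Review bot: On the added ProxyPassReverse line, `secret=` does not belong: it is a ProxyPass worker parameter, while ProxyPassReverse only rewrites response headers and takes just the path, the URL and an optional `interpolate` keyword. Keep `ProxyPassReverse / ajp://127.0.0.1:8009/` as it was and set the secret on the ProxyPass line only. Also, `**tomcat_ajp_secret**` sits inside a `<code>` block, where the bold markers are displayed literally and will be copied as asterisks; use a plain placeholder and say that its value must equal the `secret` attribute of the Tomcat AJP connector.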
  
Line 631: Line 631:
 </code> </code>
  
 +Allow in SELINUX to httpd connect to network:
 +<code>
 +/usr/sbin/setsebool -P httpd_can_network_connect 1
 +</code>
 + 
 Enable httpd after OS start: Enable httpd after OS start:
 <code bash> <code bash>
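Review bot: `httpd_can_network_connect 1` in the added setsebool line lets httpd open outbound connections to any host and port, which is much wider than the single backend this page proxies to (ajp://127.0.0.1:8009). State in the text why the boolean is needed, and check whether the narrower `httpd_can_network_relay` boolean is enough for the AJP proxy before making the broad one persistent with -P. Minor: the lead-in would read better as "Allow httpd to make network connections in SELinux:", and the block could use `<code bash>` like the one that follows it.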
Line 694: Line 699:
 </code> </code>
  
-==== mod_security configuration - CentOS7  ====+==== mod_security configuration - CentOS8  ====
  
-In the file /etc/httpd/modsecurity.d/modsecurity\_crs\_10\_config.conf, find the rule with id=900012 and add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, then allow PUT DELETE and PATCH methods on the line with tx.allowed\_methods. +In the file /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf, find the rule 900200 and 900220 then add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, then allow PUT DELETE and PATCH methods on the line with tx.allowed\_methods. 
-Whole rule after the changes looks like this:+Whole rules after the changes looks like this:
  
 <code> <code>
-SecAction +# Default HTTP policy: allowed_methods (rule 900200) 
-  "id:'900012', \ +SecRule &TX:allowed_methods "@eq 0" 
-  phase:1, \ +    "id:901160,\ 
-  t:none, \ +    phase:1,\ 
-  setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE',+    pass,
-  setvar:'tx.allowed_request_content_type=application/hal+json|application/json|text/plain|application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', \ +    nolog,\ 
-  setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ +    setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE'
-  setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/',+ 
-  setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \ +# Default HTTP policy: allowed_request_content_type (rule 900220) 
-  nolog, \ +SecRule &TX:allowed_request_content_type "@eq 0" \ 
-  pass"+    "id:901162,\ 
 +    phase:1,
 +    pass,\ 
 +    nolog,\ 
 +    setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain|application/hal+json'"
 </code> </code>
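Review bot: The new paragraph tells the reader to find rules 900200 and 900220, but the block that follows shows `id:901160` and `id:901162`, with 900200/900220 appearing only in the comments; name the ids that are actually in REQUEST-901-INITIALIZATION.conf so the reader can locate them. Both rules are guarded by `"@eq 0"` on the TX variable, so they only supply a default when nothing has set it earlier, and a file under activated_rules may be replaced on a rule-set update; consider setting tx.allowed_methods and tx.allowed_request_content_type in the setup configuration instead of editing the defaults. As rendered here, the first SecRule line and the lines `pass,` and `phase:1,` have no trailing backslash and the first setvar has no closing quote, so check the page source before anyone copies the block. The heading now says CentOS8 only, which drops the CentOS7 instructions rather than keeping both, and "Whole rules after the changes looks like this" should read "look like this".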