tutorial:adm:server_preparation_tmp [2020/03/12 11:40] urbanl [INSTALLATION GUIDE] |
tutorial:adm:server_preparation_tmp [2020/03/12 12:50] urbanl [HTTPd installation and configuration] |
ProxyPreserveHost on | ProxyPreserveHost on |
ProxyAddHeaders on | ProxyAddHeaders on |
ProxyPass / ajp://127.0.0.1:8009/ | ProxyPass / ajp://127.0.0.1:8009/ secret=**tomcat_ajp_secret** |
ProxyPassReverse / ajp://127.0.0.1:8009/ | ProxyPassReverse / ajp://127.0.0.1:8009/ secret=**tomcat_ajp_secret** |
</code> | </code> |
| |
</code> | </code> |
| |
| Allow in SELINUX to httpd connect to network: |
| <code> |
| /usr/sbin/setsebool -P httpd_can_network_connect 1 |
| </code> |
| |
Enable httpd after OS start: | Enable httpd after OS start: |
<code bash> | <code bash> |
</code> | </code> |
| |
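Review bot: the `secret=` added to both `ProxyPass` and `ProxyPassReverse` is only half of the change; the same value has to be set as the `secret` attribute on the Tomcat AJP `<Connector>` (server.xml), and that side is not shown in this hunk, so either add it here or reference the step where it is done. The placeholder is written as `secret=**tomcat_ajp_secret**`, but inside a `<code>` block the asterisks are rendered literally, so a reader copying the line gets `**` in the configured secret; state plainly that the whole token must be replaced with a long random value. The `secret` option for AJP backends exists in httpd 2.4.42 and later, so the prerequisite httpd version is worth a sentence, since older builds reject the directive. On the SELinux line, `httpd_can_network_connect` permits httpd to connect to any port; for a loopback AJP backend check whether the narrower `httpd_can_network_relay` is sufficient before granting the broad boolean. Finally, the `<code bash>` block under "Enable httpd after OS start:" is empty on both sides of the diff; the command it should carry is `systemctl enable --now httpd`.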
==== mod_security configuration - CentOS7 ==== | ==== mod_security configuration - CentOS8 ==== |
| |
In the file /etc/httpd/modsecurity.d/modsecurity\_crs\_10\_config.conf, find the rule with id=900012 and add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, then allow PUT DELETE and PATCH methods on the line with tx.allowed\_methods. | In the file /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf, find the rule 900200 and 900220 then add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, then allow PUT DELETE and PATCH methods on the line with tx.allowed\_methods. |
Whole rule after the changes looks like this: | Whole rules after the changes looks like this: |
| |
<code> | <code> |
SecAction \ | # Default HTTP policy: allowed_methods (rule 900200) |
"id:'900012', \ | SecRule &TX:allowed_methods "@eq 0" \ |
phase:1, \ | "id:901160,\ |
t:none, \ | phase:1,\ |
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE', \ | pass,\ |
setvar:'tx.allowed_request_content_type=application/hal+json|application/json|text/plain|application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', \ | nolog,\ |
setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ | setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE'" |
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \ | |
setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \ | # Default HTTP policy: allowed_request_content_type (rule 900220) |
nolog, \ | SecRule &TX:allowed_request_content_type "@eq 0" \ |
pass" | "id:901162,\ |
| phase:1,\ |
| pass,\ |
| nolog,\ |
| setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain|application/hal+json'" |
</code> | </code> |
| |
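Review bot: the prose tells the reader to "find the rule 900200 and 900220", but the rules shown and edited are 901160 and 901162 from REQUEST-901-INITIALIZATION.conf; those are the CRS fallback defaults, guarded by `SecRule &TX:allowed_methods "@eq 0"` and `SecRule &TX:allowed_request_content_type "@eq 0"`, which only fire when the variables were not already set. The comments `# Default HTTP policy: allowed_methods (rule 900200)` and `(rule 900220)` point at the intended place: uncomment and edit rules 900200 and 900220 in crs-setup.conf instead, so the customisation survives a CRS package update and the text and the config agree. Also worth stating: widening `tx.allowed_methods` to PUT/PATCH/DELETE and adding `text/plain` and `application/hal+json` to `tx.allowed_request_content_type` applies to every virtual host served by this httpd, not only the proxied Tomcat application, so either scope it to the relevant `<VirtualHost>`/`<Location>` or say that the global loosening is deliberate. Minor: "Whole rules after the changes looks like this" should read "look like this".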