From ad8d19a08cb27c8b87b675f46abe75ca0d52345d Mon Sep 17 00:00:00 2001
From: Michael Fleming
Date: Sat, 9 Jul 2005 11:58:44 +0000
Subject: [PATCH] - Ruleset improvements - Requires httpd-mmn so we only install w/appropriate httpd versions.
---
 mod_security.conf | 12 ++++++------
 mod_security.spec | 10 ++++++++--
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/mod_security.conf b/mod_security.conf
index 67b360e..11d546d 100644
--- a/mod_security.conf
+++ b/mod_security.conf
@@ -37,18 +37,18 @@ LoadModule security_module modules/mod_security.so
 # SecFilter 111
 # Prevent path traversal (..) attacks
- SecFilter "\.\./"
+ # SecFilter "\.\./"
 # Weaker XSS protection but allows common HTML tags
- SecFilter "<( |\n)*script"
+ # SecFilter "<( |\n)*script"
 # Prevent XSS atacks (HTML/Javascript injection)
- SecFilter "<(.|\n)+>"
+ # SecFilter "<(.|\n)+>"
 # Very crude filters to prevent SQL injection attacks
- SecFilter "delete[[:space:]]+from"
- SecFilter "insert[[:space:]]+into"
- SecFilter "select.+from"
+ # SecFilter "delete[[:space:]]+from"
+ # SecFilter "insert[[:space:]]+into"
+ # SecFilter "select.+from"
 # Require HTTP_USER_AGENT and HTTP_HOST headers
 SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
diff --git a/mod_security.spec b/mod_security.spec
index 5749a2d..379f235 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -1,14 +1,15 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security
 Version: 1.8.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: httpd
+Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat
+%{_includedir}/httpd/.mmn || echo missing)
 BuildRequires: httpd-devel
 %description
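Review bot: All six generic `SecFilter` lines for path traversal, XSS and SQL injection are commented out in this hunk with no note on why, while the changelog entry in the same commit describes it as disabling "an overly-agressive rule or two". Because the file is packaged as `%config(noreplace)`, installs that still carry the unmodified config would presumably pick this up on upgrade and lose the filtering without notice. I would add a comment above the block such as `# Generic traversal/XSS/SQLi filters disabled by default (false positives); uncomment to enable`, and consider leaving the narrower `\.\./` and `<( |\n)*script` patterns active if only `<(.|\n)+>` was causing trouble. The rest of the ruleset lies outside the hunk, so whether other rules still cover these cases cannot be seen here.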
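Review bot: The new `Requires:` line breaks in the middle of the `%(...)` shell expansion, right after `cat`, so depending on how rpm joins the two lines the shell may see `cat` with no argument and the `.mmn` path as a separate command. That would likely fall through to `echo missing` and produce a `httpd-mmn = missing` requirement that no httpd can satisfy. Keeping the expression on one line avoids this, and `-e` is the portable existence test where unary `-a` is shell-specific: `Requires: httpd httpd-mmn = %([ -e %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)`. The value is computed on the build host, so it is worth confirming the built package with `rpm -qp --requires` before release.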
@@ -40,6 +41,11 @@ rm -rf %{buildroot}
 %config(noreplace) /etc/httpd/conf.d/mod_security.conf
 %changelog
+* Sat Jul 9 2005 Michael Fleming 1.8.7-4
+- Add Requires: httpd-mmn to get the appropriate "module magic" version
+ (thanks Ville Skyttä)
+- Disabled an overly-agressive rule or two..
+
 * Sat Jul 9 2005 Michael Fleming 1.8.7-3
 - Correct Buildroot
 - Some sensible and safe rules for common apps in mod_security.conf