예제 #1
def SaveProtocols():
    """Rewrite the ``ssl_protocols`` directive of one app and reload nginx.

    Reads ``request.vars['id']`` (matched against ``production.id_rand``) and
    the flags ``request.vars['1']``, ``['2']`` and ``['3']``; a flag equal to
    the string "true" enables TLSv1, TLSv1.1 and TLSv1.2 respectively.  When
    no flag is set, ``response.flash`` is set to "Error" and nothing changes.
    Otherwise the new nginx configuration is written, nginx is reloaded and
    the choice is stored in ``certificate.protocol`` and
    ``production.nginx_conf_data``.  Always returns ``None``; the outcome is
    reported through ``response.flash``.
    """
    import changeconfig

    # NOTE(review): no login/permission decorator is visible on this action in
    # this excerpt - confirm access control and CSRF protection elsewhere.
    checker = stuffs.Filtro()
    if checker.CheckStr(request.vars['id']) != 'YES':
        return

    query = db(db.production.id_rand == request.vars['id']).select(
        db.production.nginx_conf_data, db.production.app_name)

    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); consider
    # whether this panel should still offer them.
    toggles = (('1', " TLSv1"), ('2', " TLSv1.1"), ('3', " TLSv1.2"))
    text = ""
    array = []
    for flag, protocol in toggles:
        if request.vars[flag] == "true":
            text += protocol
            array.append('checked')
        else:
            array.append('unchecked')

    # At least one protocol has to stay enabled.
    if not text:
        response.flash = "Error"
        return

    text += ";"

    try:
        # query[0] stays inside the try: an unknown id raises here and is
        # reported through response.flash like any other failure.
        editor = changeconfig.Change()
        r = editor.Text(query[0]['nginx_conf_data'], 'ssl_protocols',
                        "        ssl_protocols%s" % (text))

        DataNginx = '\n'.join(r['new_list'])
        AppName = query[0]['app_name']
        stuffs.CreateFiles().CreateNginxFiles(ProdNginxAvail, AppName,
                                              DataNginx)
        stuffs.Nginx().Reload()

        # The database is only updated once the file write and reload passed.
        db.certificate.update_or_insert(
            db.certificate.id_rand == request.vars['id'], protocol=array)
        db(db.production.id_rand == request.vars['id']).update(
            nginx_conf_data='\n'.join(r['new_list']))

    except Exception as e:
        # NOTE(review): the raw exception object is shown to the user.
        response.flash = e
        return

    response.flash = "Changed Protocol SSL"

    return
예제 #2
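def CipherPrefer():
    """Switch ``ssl_prefer_server_ciphers`` on or off for one app.

    Reads ``request.vars['id']`` (matched against ``production.id_rand``) and
    ``request.vars['status']``, which must be exactly "On" or "Off"; any other
    value sets ``response.flash`` to "Error" and changes nothing.  On success
    the nginx configuration is rewritten, nginx is reloaded and the setting is
    stored in ``certificate.prefer_cipher`` and
    ``production.nginx_conf_data``.  Always returns ``None``; the outcome is
    reported through ``response.flash``.
    """
    import changeconfig

    # NOTE(review): no login/permission decorator is visible on this action in
    # this excerpt - confirm access control and CSRF protection elsewhere.
    a = stuffs.Filtro()
    if a.CheckStr(request.vars['id']) != 'YES':
        return

    query = db(db.production.id_rand == request.vars['id']).select(
        db.production.nginx_conf_data, db.production.app_name)

    status = request.vars['status']
    if status == "On":
        text = " on;"
        stored_state = "checked"
    elif status == "Off":
        text = " off;"
        stored_state = "unchecked"
    else:
        response.flash = "Error"
        return

    try:
        change = changeconfig.Change()
        r = change.Text(query[0]['nginx_conf_data'],
                        'ssl_prefer_server_ciphers',
                        "        ssl_prefer_server_ciphers%s" % (text))

        DataNginx = '\n'.join(r['new_list'])
        AppName = query[0]['app_name']
        UpdateFiles = stuffs.CreateFiles()
        UpdateFiles.CreateNginxFiles(ProdNginxAvail, AppName, DataNginx)
        u = stuffs.Nginx()
        u.Reload()

        # Record the new state only after the file write and reload went
        # through.  Writing it before the try block, as this action used to,
        # left the certificate table claiming a setting that was never applied
        # whenever the configuration change failed.
        db.certificate.update_or_insert(
            db.certificate.id_rand == request.vars['id'],
            prefer_cipher=stored_state)
        db(db.production.id_rand == request.vars['id']).update(
            nginx_conf_data='\n'.join(r['new_list']))

    except Exception as e:
        # NOTE(review): the raw exception object is shown to the user.
        response.flash = e
        return

    response.flash = "Changed SSL prefer server ciphers SSL"

    return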
예제 #3
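def ExcludeLocal():
    """Add a path-scoped ModSecurity rule exclusion for one app.

    Reads ``id_rand``, ``ruleid``, ``attack_name`` and ``path`` from
    ``request.vars`` and requires every ``stuffs.Filtro`` validator to answer
    'YES'.  If the same rule/path pair is not excluded yet, the exclusion is
    stored, all local exclusions of the app are rendered as ``SecRule``
    lines between the ``##...Local...##`` markers of the stored ModSecurity
    configuration, the file is rewritten and nginx is reloaded.  Returns the
    status message through ``response.json``.

    NOTE(review): this action weakens WAF coverage; no login/permission
    decorator is visible in this excerpt - confirm access control elsewhere.
    """
    a = stuffs.Filtro()
    try:
        b = a.CheckStr(request.vars['id_rand'])
        c = a.CheckRule(request.vars['ruleid'])
        d = a.CheckName(request.vars['attack_name'])
        f = a.CheckPath(request.vars['path'])
    except Exception:
        # A validator that raises rejects the request; the 'and' chain below
        # stops at b, so the possibly unset c/d/f are never read.
        b = 'NO'

    if b == 'YES' and c == 'YES' and d == 'YES' and f == 'YES':
        data = db((db.exclusions.id_rand == request.vars['id_rand'])
                  & (db.exclusions.type == 1)
                  & (db.exclusions.rules_id == request.vars['ruleid'])
                  & (db.exclusions.local_path == request.vars['path'])).select(
                      db.exclusions.rules_id, db.exclusions.local_path)
        modsec_conf = db(
            db.production.id_rand == request.vars['id_rand']).select(
                db.production.app_name, db.production.modsec_conf_data)
        if not data:
            # NOTE(review): a random id is not checked for uniqueness, so it
            # can repeat an id already used by another rule.
            custom_id = randint(0, 99999999)
            # add rule id to exclusions in db
            db.exclusions.insert(
                rules_id=request.vars['ruleid'],
                id_rand=request.vars['id_rand'],
                custom_id=custom_id,
                local_path=request.vars['path'],
                type=1,
                attack_name=request.vars['attack_name'],
                user=session['auth']['user']['username'])

            # get updated rules id
            rulesid = db((db.exclusions.id_rand == request.vars['id_rand'])
                         & (db.exclusions.type == 1)).select(
                             db.exclusions.rules_id,
                             db.exclusions.local_path,
                             db.exclusions.custom_id)

            # Recreate the rules.
            # NOTE(review): local_path lands inside a double-quoted operator
            # argument; this is only safe if CheckPath rejects quotes and line
            # breaks - verify the validator.
            rules = '#ExclusionLocal\n'
            for i in rulesid:
                # str() matches ExcludeGlobal and keeps the concatenation
                # working if rules_id is not stored as text.
                rules = rules + "SecRule REQUEST_URI \"@beginswith " + i['local_path'] + "\" \"id:" + str(i['custom_id']) + ",phase:1,pass,nolog, ctl:ruleRemoveById=" + str(i['rules_id']) + "\"\n"
            rules_list = rules.decode("utf-8")

            # Replace the old rules with the new ones.  A callable replacement
            # inserts the text literally; formatting it into a r'\1...\2'
            # template made re.sub interpret any backslash in a stored path as
            # an escape or group reference.
            replace = re.sub(
                r'^(##\w+Local\w+##\n).*(##\w+Local\w+##)',
                lambda m: m.group(1) + rules_list + m.group(2),
                modsec_conf[0]['modsec_conf_data'],
                flags=re.S | re.M)
            db(db.production.id_rand == request.vars['id_rand']).update(
                modsec_conf_data=replace)
            db.commit()
            UpdateFiles = stuffs.CreateFiles()
            try:
                UpdateFiles.CreateModsecConf(
                    'prod', modsec_conf[0]['app_name'], replace)
                stuffs.Nginx().Reload()
            except Exception as e:
                # NOTE(review): the database change is already committed and
                # the success message below is still returned on this path.
                session.flash = e
            response.flash = 'Rule has been excluded locally'
            r = 'Rule has been excluded locally'
        else:
            response.flash = 'Rule ID or Path already excluded'
            r = 'Rule ID already excluded'

    else:
        response.flash = 'Error in data supplied'
        r = 'Error in data supplied'
    return response.json(r)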
예제 #4
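def ExcludeGlobal():
    """Disable one ModSecurity rule for a whole app.

    Reads ``id_rand``, ``ruleid`` and ``attack_name`` from ``request.vars``
    and requires every ``stuffs.Filtro`` validator to answer 'YES'.  If the
    rule is not excluded yet, the exclusion is stored, all global exclusions
    of the app are rendered as ``SecRuleRemoveById`` lines between the
    ``##...Global...##`` markers of the stored ModSecurity configuration, the
    file is rewritten and nginx is reloaded.  Returns the status message
    through ``response.json``.

    NOTE(review): this action weakens WAF coverage; no login/permission
    decorator is visible in this excerpt - confirm access control elsewhere.
    """
    a = stuffs.Filtro()
    try:
        b = a.CheckStr(request.vars['id_rand'])
        c = a.CheckRule(request.vars['ruleid'])
        d = a.CheckName(request.vars['attack_name'])
    except Exception:
        # A validator that raises rejects the request; the 'and' chain below
        # stops at b, so the possibly unset c/d are never read.
        b = 'NO'

    if b == 'YES' and c == 'YES' and d == 'YES':
        data = db((db.exclusions.id_rand == request.vars['id_rand'])
                  & (db.exclusions.type == 0)
                  & (db.exclusions.rules_id == request.vars['ruleid'])).select(
                      db.exclusions.rules_id)
        modsec_conf = db(
            db.production.id_rand == request.vars['id_rand']).select(
                db.production.app_name, db.production.modsec_conf_data)
        if not data:
            # add rule id to exclusions in db
            db.exclusions.insert(
                rules_id=request.vars['ruleid'],
                id_rand=request.vars['id_rand'],
                type=0,
                attack_name=request.vars['attack_name'],
                user=session['auth']['user']['username'])

            # get updated rules id
            rulesid = db((db.exclusions.id_rand == request.vars['id_rand'])
                         & (db.exclusions.type == 0)).select(
                             db.exclusions.rules_id)

            # NOTE(review): rules_id is written into the configuration as is;
            # this relies on CheckRule accepting nothing but a rule id.
            rules = '#ExclusionGLobally\n'
            for i in rulesid:
                rules = rules + "SecRuleRemoveById " + str(i['rules_id']) + '\n'
            rules_list = rules.decode("utf-8")

            # A callable replacement inserts the text literally; formatting it
            # into a r'\1...\2' template made re.sub interpret any backslash
            # in the stored data as an escape or group reference.
            replace = re.sub(
                r'^(##\w+Global\w+##\n).*(##\w+Global\w+##)',
                lambda m: m.group(1) + rules_list + m.group(2),
                modsec_conf[0]['modsec_conf_data'],
                flags=re.S | re.M)
            db(db.production.id_rand == request.vars['id_rand']).update(
                modsec_conf_data=replace)
            db.commit()
            UpdateFiles = stuffs.CreateFiles()
            try:
                UpdateFiles.CreateModsecConf(
                    'prod', modsec_conf[0]['app_name'], replace)
                stuffs.Nginx().Reload()
            except Exception as e:
                # NOTE(review): the database change is already committed and
                # the success message below is still returned on this path.
                session.flash = e
            response.flash = 'Rule has been excluded globally'
            r = 'Rule has been excluded globally'
        else:
            response.flash = 'Rule ID already excluded'
            r = 'Rule ID already excluded'

    else:
        response.flash = 'Error in data supplied'
        r = 'Error in data supplied'

    return response.json(r)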
예제 #5
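def SavedCipher():
    """Replace the ``ssl_ciphers`` directive of one app and reload nginx.

    Reads ``request.vars['id']`` (matched against ``production.id_rand``) and
    ``request.vars['ciphers']``.  The cipher string is written into the nginx
    configuration as ``ssl_ciphers '<value>';`` so it is accepted only if it
    is non-empty and made of letters, digits and ``: ! + @ _ -``.  On success
    the file is rewritten, nginx is reloaded and the value is stored in
    ``certificate.ciphers`` and ``production.nginx_conf_data``.  Always
    returns ``None``; the outcome is reported through ``response.flash``.
    """

    import changeconfig

    # NOTE(review): no login/permission decorator is visible on this action in
    # this excerpt - confirm access control and CSRF protection elsewhere.
    a = stuffs.Filtro()
    b = a.CheckStr(request.vars['id'])

    if b != 'YES':
        response.flash = "Error"
        return

    # Allow-list instead of the former deny-list: the deny-list let through a
    # backslash, line breaks and ';', all of which can corrupt the quoted
    # directive, and a missing parameter crashed on the concatenation below.
    # Every character allowed here was also accepted before.
    allowed = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
               "abcdefghijklmnopqrstuvwxyz"
               "0123456789:!+@_-")
    ciphers = request.vars['ciphers']
    if not ciphers or any(ch not in allowed for ch in str(ciphers)):
        response.flash = "Error"
        return

    query = db(db.production.id_rand == request.vars['id']).select(
        db.production.nginx_conf_data, db.production.app_name)
    text = ciphers
    text2 = "'" + text + "';"

    try:
        change = changeconfig.Change()
        r = change.Text(query[0]['nginx_conf_data'], 'ssl_ciphers',
                        "        ssl_ciphers %s" % (text2))

        DataNginx = '\n'.join(r['new_list'])
        AppName = query[0]['app_name']
        UpdateFiles = stuffs.CreateFiles()
        UpdateFiles.CreateNginxFiles(ProdNginxAvail, AppName, DataNginx)
        u = stuffs.Nginx()
        u.Reload()
        # The database is only updated once the file write and reload passed.
        db.certificate.update_or_insert(
            db.certificate.id_rand == request.vars['id'], ciphers=text)
        db(db.production.id_rand == request.vars['id']).update(
            nginx_conf_data='\n'.join(r['new_list']))

    except Exception as e:
        # NOTE(review): the raw exception object is shown to the user.
        response.flash = e
        return

    response.flash = "Changed SSL Cipher"
    return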
예제 #6
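def AddHeaders():
    """Replace the extra response headers of one app and reload nginx.

    ``request.vars['id']`` selects the app (``production.id_rand``).  Every
    other request variable is expected to be a two-item sequence
    ``[header name, header value]``.  When only ``id`` is sent, the block
    between the ``##startInsertHead...##`` / ``##endInsertHead...##`` markers
    is emptied.  Otherwise all pairs are validated and the pairs whose key
    contains 'cookie' are written as ``add_header "<name>" "<value>";`` lines.
    Returns the status message through ``response.json``.

    NOTE(review): no login/permission decorator is visible on this action in
    this excerpt - confirm access control and CSRF protection elsewhere.
    """
    a = stuffs.Filtro()
    check_list = []
    marker_block = r'(^            ##startInsertHead\w+##\n).*(^            ##endInsertHead\w+##)'
    # Characters that would close or corrupt the double-quoted nginx argument
    # the name and value are written into.
    forbidden = '"\\\r\n'

    try:
        b = a.CheckStr(request.vars['id'])

    except Exception:
        b = 'NO'
        response.flash = T('Error in data supplied')

    # something strange happens below, is more slow when POST contains no data .......
    if b == 'YES':

        if len(request.vars) == 1 and 'id' in request.vars:
            db(db.production.id_rand == request.vars['id']).update(
                extra_headers="")
            nginx_conf = db(
                db.production.id_rand == request.vars['id']).select(
                    db.production.app_name, db.production.nginx_conf_data)
            replace = re.sub(
                marker_block,
                lambda m: m.group(1) + m.group(2),
                nginx_conf[0]['nginx_conf_data'],
                flags=re.S | re.M)
            db(db.production.id_rand == request.vars['id']).update(
                nginx_conf_data=replace)
            db.commit()
            UpdateFiles = stuffs.CreateFiles()

            # get the new conf
            nginx_conf = db(
                db.production.id_rand == request.vars['id']).select(
                    db.production.app_name, db.production.nginx_conf_data)
            UpdateFiles.CreateNginxFiles(ProdNginxAvail,
                                         nginx_conf[0]['app_name'],
                                         nginx_conf[0]['nginx_conf_data'])
            response.flash = 'Configuration was saved'
            r = stuffs.Nginx()
            r.Reload()
            r = 'Configuration was saved'
        else:
            for test in request.vars.keys():
                if test != 'id':
                    pair = request.vars[test]
                    if len(pair) == 2:
                        check_list.append('YES')
                    else:
                        check_list.append('NO')
                        response.flash = T('Error in data supplied')
                        # The request is rejected already; indexing a
                        # malformed value below could only raise.
                        continue

                    if pair[1] == "":
                        check_list.append('NO')
                        response.flash = 'Header must have a value!'
                    else:
                        check_list.append('YES')

                    if len(pair[0]) != 0:
                        check_list.append('YES')
                    else:
                        response.flash = 'Header name can\'t be empty!'
                        check_list.append('NO')

                    # Name and value are copied between double quotes into the
                    # nginx configuration; a quote, backslash or line break in
                    # either one would let the value run past its directive.
                    if any(ch in part for part in pair for ch in forbidden):
                        check_list.append('NO')
                        response.flash = T('Error in data supplied')
            r = ''
        if 'NO' not in check_list and len(check_list) > 1:
            cookies = []
            cookies_list = ''
            for i in request.vars.keys():
                # Only variables whose key contains 'cookie' become headers.
                # NOTE(review): nginx expands $variables in add_header values;
                # decide whether '$' should be accepted here.
                if 'cookie' in i:
                    cookies.append('            add_header ' + '"' +
                                   request.vars[i][0] + '" "' +
                                   request.vars[i][1] + '";\n')
                    cookies_list = cookies_list + \
                        request.vars[i][0] + ' ' + request.vars[i][1] + '\n'

            db(db.production.id_rand == request.vars['id']).update(
                extra_headers=cookies_list)
            nginx_conf = db(
                db.production.id_rand == request.vars['id']).select(
                    db.production.app_name, db.production.nginx_conf_data)
            header_lines = ''.join(cookies)
            # A callable replacement inserts the header lines literally
            # instead of treating them as a re.sub template.
            replace = re.sub(
                marker_block,
                lambda m: m.group(1) + header_lines + m.group(2),
                nginx_conf[0]['nginx_conf_data'],
                flags=re.S | re.M)
            db(db.production.id_rand == request.vars['id']).update(
                nginx_conf_data=replace)
            db.commit()
            UpdateFiles = stuffs.CreateFiles()
            try:

                # get the new conf
                nginx_conf = db(
                    db.production.id_rand == request.vars['id']).select(
                        db.production.app_name, db.production.nginx_conf_data)
                UpdateFiles.CreateNginxFiles(ProdNginxAvail,
                                             nginx_conf[0]['app_name'],
                                             nginx_conf[0]['nginx_conf_data'])
                response.flash = 'Configuration was saved'
                r = stuffs.Nginx()
                r.Reload()
                r = 'Configuration was saved'
            except Exception as e:
                # NOTE(review): the database change is already committed when
                # the file write or reload fails.
                session.flash = e
                r = e
    else:
        r = 'Error in data supplied'

    return response.json(r)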
예제 #7
파일: Logs.py 프로젝트: zeus911/Waf2Py
def DeleteRule():
    """Remove a stored ModSecurity rule exclusion and reload nginx.

    Reads ``id_rand``, ``ruleid`` and ``type`` from ``request.vars``.  ``type``
    must be the string '0' (global exclusion, ``SecRuleRemoveById`` line) or
    '1' (local exclusion, ``ctl:ruleRemoveById=`` line).  The matching rows are
    deleted from ``exclusions``, the corresponding text is blanked in the
    stored ModSecurity configuration through ``changeconfig.Change.Text``, the
    file is rewritten and nginx is reloaded.  Returns the status message
    through ``response.json``.

    NOTE(review): no login/permission decorator is visible on this action in
    this excerpt - confirm access control and CSRF protection elsewhere.
    """
    import changeconfig
    a = stuffs.Filtro()
    try:
        b = a.CheckStr(request.vars['id_rand'])
        c = a.CheckRule(request.vars['ruleid'])
        # Only checks that 'type' parses as an integer; the value is unused.
        int(request.vars['type'])

    except:
        b = 'NO'

    # request 'type' value -> (exclusions.type, text that precedes the rule id)
    kinds = {
        '0': (0, 'SecRuleRemoveById '),
        '1': (1, 'ctl:ruleRemoveById='),
    }

    if b == 'YES' and c == 'YES' and request.vars['type'] in kinds:
        exclusion_type, prefix = kinds[request.vars['type']]

        # remove rule from exclusions table
        db((db.exclusions.id_rand == request.vars['id_rand'])
           & (db.exclusions.rules_id == request.vars['ruleid'])
           & (db.exclusions.type == exclusion_type)).delete()
        modsec = db(db.production.id_rand == request.vars['id_rand']).select(
            db.production.modsec_conf_data, db.production.app_name,
            db.production.mode)

        # Change.Text returns a dictionary; its 'new_list' entry holds the
        # lines of the changed configuration.
        # NOTE(review): how Text matches the search text is not visible here;
        # confirm that removing one rule id cannot also hit a longer id that
        # starts with the same digits.
        editor = changeconfig.Change()
        alter = editor.Text(modsec[0]['modsec_conf_data'],
                            prefix + request.vars['ruleid'], '')
        db(db.production.id_rand == request.vars['id_rand']).update(
            modsec_conf_data='\n'.join(alter['new_list']))

        # get new modsec conf
        new_modsec = db(
            db.production.id_rand == request.vars['id_rand']).select(
                db.production.modsec_conf_data)
        writer = stuffs.CreateFiles()
        try:
            writer.CreateModsecConf('prod', modsec[0]['app_name'],
                                    new_modsec[0]['modsec_conf_data'])
            stuffs.Nginx().Reload()
        except Exception as e:
            # A failed write or reload is only recorded in session.flash; the
            # success message below is still returned.
            session.flash = e
        r = 'Rule deleted succesfully'
        response.flash = r

    else:
        r = 'Error in data supplied'

    return response.json(r)