bwaegeneire/apache-require
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Finally working

Browse source
This commit is contained in:
Brice Waegeneire 2021-01-12 17:31:27 +01:00
parent ca18a45319
commit cf2017a863
3 changed files with 46 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
convert.pl
View file

@ -4,7 +4,7 @@
# securly migrate to apache 2.2 to 2.4. This script only migrate most # securly migrate to apache 2.2 to 2.4. This script only migrate most
# common pattern. # common pattern.
#use re "debug"; # use re "debug";
use strict; use strict;
use warnings; use warnings;
@ -20,14 +20,17 @@ use warnings;
# Regex for spaces bettwen word (including comment character) # Regex for spaces bettwen word (including comment character)
my $s = '[#\s]*'; my $s = '[#\s]*';
while (<ARGV>) { while (<>) {
# ** Order # ** Order
# Default of mod_access_compat # Default of mod_access_compat
next if /Order${s}deny,allow/i; next if /Order${s}deny,allow/i;
if (/(Order${s}Allow,Deny)/i) { if (/(Order${s}Allow,Deny)/i) {
$_ .= <ARGV>; $_ .= <> unless eof;
# NOTE We replace with dpreceated directive, because they are
# replaced with the current one down the line.
s/${1}${s}(Deny${s}from${s}all)/$1/i; s/${1}${s}(Deny${s}from${s}all)/$1/i;
s/${1}${s}(Allow${s}from${s}localhost.*)/$1/i;
}; };
# ** Satisfy # ** Satisfy
@ -36,15 +39,13 @@ while (<ARGV>) {
# ** Misc # ** Misc
if (/(Require${s}valid-user)/i) { if (/(Require${s}valid-user)/i) {
$_ .= <ARGV>.<ARGV>.<ARGV>; $_ .= <>.<>.<> unless eof;
s/(${1})${s}Order${s}Deny,Allow${s}Deny${s}from${s}all/$1/i; s/(${1})${s}Order${s}Deny,Allow${s}Deny${s}from${s}all/$1/i;
}; };
# ** Deny # ** Deny
if (/(Deny${s}from${s}all)/i) { if (/(Deny${s}from${s}all)/i) {
# unless (eof(ARGV)) { $_ .= <> unless eof;
$_ .= <ARGV>;
# };
s/${1}${s}Allow${s}from/Require ip/i; s/${1}${s}Allow${s}from/Require ip/i;
s/Deny${s}from${s}all/Require all denied/i; s/Deny${s}from${s}all/Require all denied/i;
}; };
@ -53,11 +54,10 @@ while (<ARGV>) {
# ** Allow # ** Allow
s/Allow${s}from${s}all/Require all granted/i; s/Allow${s}from${s}all/Require all granted/i;
s/Allow${s}from${s}localhost.*/Require ip local/i;
s/Allow${s}from/Require ip/i; s/Allow${s}from/Require ip/i;
print ARGV; print;
} }
# close $fh; # close $fh;
# print 'END THIS SHIT!!!!\n';

29
migrate.sh
View file

@ -1,13 +1,24 @@
#!/bin/sh #!/bin/sh
newline="\n[[:blank:]]" set -e
# 2.2 Directives inventory=$1
all_denied="s/Order deny,allow${newline}Deny from all/Require all denied/"
-
## Last
deny_from_env="s/Deny from env=/Require not env /"
allow_all="s/Allow from all/Require all granted/"
# Mixed directives tmp_dir=/tmp/apache-require
mix_allow_all_require_all="s/Allow from all${newline}Require all granted/Require all granted/" inventory=$tmp_dir/inventory
to_convert=$tmp_dir/to_convert
# Create a backup of the FILE specific for this project
backup() {
file=$1
cp "$file" "$file".apreq.bak
}
awk '{ print $1 }' "$inventory" > "$to_convert"
while IFS= read -r file; do
echo $file
backup "$file"
perl -i ~bwaegeneire/convert.pl "$file"
done < "$to_convert"

17
snippets
View file

@ -1,4 +1,19 @@
Order deny,allow Order deny,allow
Deny from all Deny from all
Satisfy any
Allow from 127.0.0.1 Allow from 127.0.0.1
Include /etc/apache2/ipaddr_whitelist.conf
Deny from env=bar
foo bar
Include /etc/apache2/ipaddr_whitelist.conf