From 596fad44d14887b5271f90b6aa1d0f011fb99c3e Mon Sep 17 00:00:00 2001
From: Romain Dessort
Date: Tue, 10 May 2016 16:50:44 -0400
Subject: [PATCH] Fix #1077. Add check to ensure there is real IP addresses in Allow/Deny directives
---
 evocheck.sh | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/evocheck.sh b/evocheck.sh
index 0fff9fc..b53595e 100755
--- a/evocheck.sh
+++ b/evocheck.sh
@@ -61,6 +61,7 @@ IS_USERLOGROTATE=1
 IS_MODSECURITY=1
 IS_APACHECTL=1
 IS_APACHESYMLINK=1
+IS_APACHEIPINALLOW=1
 IS_MUNINAPACHECONF=1
 IS_SAMBAPINPRIORITY=1
 IS_KERNELUPTODATE=1
@@ -362,6 +363,12 @@ if [ -e /etc/debian_version ]; then
 (stat -c %F /etc/apache2/sites-enabled/* | grep -q regular && echo 'IS_APACHESYMLINK FAILED!')
 fi

+ # Check if there is real IP addresses in Allow/Deny directives (no trailing space, inline comments or so).
+ if [ "$IS_APACHEIPINALLOW" = 1 ]; then
+ # Note: Replace "exit 1" by "print" in Perl code to debug it.
+ is_installed apache2.2-common && grep -IrE "(Allow|Deny) from" /etc/apache2/ |grep -v "from all" |perl -ne 'exit 1 unless (/from( \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})+$/)' || echo 'IS_APACHEIPINALLOW FAILED!'
+ fi
+
 # Check if default Apache configuration file for munin is absent (or empty or commented).
 if [ "$IS_MUNINAPACHECONF" ]; then
 if is_debianversion squeeze || is_debianversion wheezy; then
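Review bot: The added `is_installed apache2.2-common && grep … | perl … || echo 'IS_APACHEIPINALLOW FAILED!'` chain parses as `(A && pipeline) || echo`, so the failure message is also printed whenever `is_installed` itself returns non-zero, which presumably happens on every host without that package. Grouping the pipeline in a subshell, as the IS_APACHESYMLINK line just above does, avoids the false alarm: `is_installed apache2.2-common && (grep -IrE "(Allow|Deny) from" /etc/apache2/ | grep -v "from all" | perl -ne '…' || echo 'IS_APACHEIPINALLOW FAILED!')`. Separately, Apache matches directive names case-insensitively, so a lower-case `allow from …` line with a trailing comment is never inspected; adding `-i` to both greps and `/i` to the Perl match would close that gap. The enclosing `if [ -e /etc/debian_version ]` block starts and ends outside the hunk.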