Overview

ApacheExtendedDiscovery pattern creates SoftwareComponent Nodes for websites, configured in configuration file. Therefore the pattern triggers off any type of Apache Webserver with config_fileattribute set.

Configuration Options

There are several configuration options available for this Extended Discovery:

  • read_includes := true; - supports parsing of configuration files loaded by main configuration file
  • include_depth := 2; - Maximum number of recursively included configuration files to read (up to 5)

Extracting website details

The pattern extracts httpd.conf file.
Then it extracts all websites VirtualHost zones and extracts the following attributes from each using appropriate regular expressions:

website attributeregexparsed node
website name

regex '(?m)^\s*ServerName\s+(\S+)'

website's VirtualHost zone
website aliases

regex '(?m)^\s*ServerAlias\s+([a-zA-Z0-9\-\. ]+)'

website's VirtualHost zone
website listening TCP sockets

regex '(?m)^\s*<VirtualHost\s+([^>]+?)\s*>'

website's VirtualHost zone
website listening IPs(IPv4)

regex '^(\d+(?:\.\d+){3})'

website's listening TCP socket
website listening IPs(IPv6)

regex '^\[([^]]+)'

website's listening TCP socket
website listening ports

regex ':(\d+)$'

website's listening TCP socket

As there might be several VirtualHost zones for the same website, the pattern parses all related zones and only afterward models the Software Component of the following view:

The Software Instance has the following model in this case:

Included configuration files

If read_includesoption from Configuration section is enabled the pattern discovers all .config files included into main Apache configuration file. Apache configuration allows several levels of subsequent includes. Therefore include_depthoption allows to set maximum number of recursively included configuration files to read (up to 5).

To extract includes the pattern uses the following regexes:

  • (?:\n|^)\s*[Ii]nclude(?:[Oo]ptional)? ["\']([^*]+?[/\\][^\\/ '"]+)["\']

  • (?:\n|^)\s*[Ii]nclude(?:[Oo]ptional)? ([^* ]+[/\\][^\\/ '"]+)(?:\s|\r|\n)

The pattern doesn't support includes with wildcard directories in path, but supports configuration file names wildcards. 'Include Optional' is also supported.

Was this page helpful? Yes No Submitting... Thank you