diff options
| author | Micah <micah@leap.se> | 2016-07-12 16:45:58 -0400 |
|---|---|---|
| committer | Micah <micah@leap.se> | 2016-07-12 16:45:58 -0400 |
| commit | 4aff06cc2fecc0b59728d7fc825fb36394b847b7 (patch) | |
| tree | 3668fd7666051bfd5e6b5b79a7238e54962e3948 /puppet/modules/apache/templates/vhosts/partials/mod_security.erb | |
| parent | f2019755fd724fb1020cb2d97cdf82b751450ebc (diff) | |
git subrepo clone https://leap.se/git/puppet_apache puppet/modules/apache
subrepo:
subdir: "puppet/modules/apache"
merged: "415e950"
upstream:
origin: "https://leap.se/git/puppet_apache"
branch: "master"
commit: "415e950"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "1e79595"
Change-Id: Iba7353669969a09c0b4bbd63add67e3245b05ede
Diffstat (limited to 'puppet/modules/apache/templates/vhosts/partials/mod_security.erb')
| -rw-r--r-- | puppet/modules/apache/templates/vhosts/partials/mod_security.erb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/puppet/modules/apache/templates/vhosts/partials/mod_security.erb b/puppet/modules/apache/templates/vhosts/partials/mod_security.erb new file mode 100644 index 00000000..380e78f1 --- /dev/null +++ b/puppet/modules/apache/templates/vhosts/partials/mod_security.erb @@ -0,0 +1,27 @@ + <IfModule mod_security2.c> +<% if @mod_security.to_s == 'true' -%> + SecRuleEngine On +<% if @mod_security_relevantonly.to_s == 'true' -%> + SecAuditEngine RelevantOnly +<% else -%> + SecAuditEngine On +<% end -%> +<% else -%> + SecRuleEngine Off + SecAuditEngine Off +<% end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= @logdir %>/ + SecAuditLog <%= @logdir %>/mod_security_audit.log + SecDebugLog <%= @logdir %>/mod_security_debug.log +<% unless (disabled_rules=Array(@mod_security_rules_to_disable)).empty? -%> + +<% disabled_rules.each do |rule| -%> + SecRuleRemoveById "<%= rule %>" +<% end -%> +<% end -%> +<% unless (s=@mod_security_additional_options).to_s == 'absent' -%> + + <%= s %> +<% end -%> + </IfModule> |