diff options
Diffstat (limited to 'puppet/modules/apache/templates/vhosts/partials/mod_security.erb')
-rw-r--r-- | puppet/modules/apache/templates/vhosts/partials/mod_security.erb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/puppet/modules/apache/templates/vhosts/partials/mod_security.erb b/puppet/modules/apache/templates/vhosts/partials/mod_security.erb new file mode 100644 index 00000000..380e78f1 --- /dev/null +++ b/puppet/modules/apache/templates/vhosts/partials/mod_security.erb @@ -0,0 +1,27 @@ + <IfModule mod_security2.c> +<% if @mod_security.to_s == 'true' -%> + SecRuleEngine On +<% if @mod_security_relevantonly.to_s == 'true' -%> + SecAuditEngine RelevantOnly +<% else -%> + SecAuditEngine On +<% end -%> +<% else -%> + SecRuleEngine Off + SecAuditEngine Off +<% end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= @logdir %>/ + SecAuditLog <%= @logdir %>/mod_security_audit.log + SecDebugLog <%= @logdir %>/mod_security_debug.log +<% unless (disabled_rules=Array(@mod_security_rules_to_disable)).empty? -%> + +<% disabled_rules.each do |rule| -%> + SecRuleRemoveById "<%= rule %>" +<% end -%> +<% end -%> +<% unless (s=@mod_security_additional_options).to_s == 'absent' -%> + + <%= s %> +<% end -%> + </IfModule> |