improve mod_security rules

* handled now by a partial * possibility to add rules that should be removed * possibility to add custom mod_sec options" * use new infrastructure for existing mod_sec tweaks
author: mh <mh@immerda.ch> 2011-05-17 22:52:47 +0200
committer: mh <mh@immerda.ch> 2011-05-17 22:55:50 +0200
commit: cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 (patch)
tree: ed24e2d85aa47f9e70ecfcc45bf20c7a2495da93 /manifests/vhost/file.pp
parent: 9081a3c7c3b9f956d0491712bae3ed5e94529e82 (diff)
1 files changed, 10 insertions, 5 deletions
diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp
index bbd2f8c..6c750c1 100644
--- a/manifests/vhost/file.pp
+++ b/manifests/vhost/file.pp
@@ -70,22 +70,27 @@ define apache::vhost::file(
         notify => Service[apache],
         owner => root, group => 0, mode => 0644;
     }
-    if $do_includes {
+    if $ensure != 'absent' {
+      if $do_includes {
         include ::apache::includes
-    }
-    if $use_mod_macro {
+      }
+      if $use_mod_macro {
         include ::apache::mod_macro
-    }
-    if $ensure != 'absent' {
+      }
       case $logmode {
         'semianonym','anonym': { include apache::noiplog }
       }
       case $run_mode {
         'itk': {
           include ::apache::itk::lock
+          if $mod_security { include mod_security::itk }
         }
         'proxy-itk','static-itk': {
           include ::apache::itk_plus::lock
+          if $mod_security { include mod_security::itk_plus }
+        }
+        default: {
+          if $mod_security { include mod_security }
         }
       }
author	mh <mh@immerda.ch>	2011-05-17 22:52:47 +0200
committer	mh <mh@immerda.ch>	2011-05-17 22:55:50 +0200
commit	cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 (patch)
tree	ed24e2d85aa47f9e70ecfcc45bf20c7a2495da93 /manifests/vhost/file.pp
parent	9081a3c7c3b9f956d0491712bae3ed5e94529e82 (diff)