authormh <mh@immerda.ch>2011-05-17 22:52:47 +0200
committermh <mh@immerda.ch>2011-05-17 22:55:50 +0200
commitcbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 (patch)
treeed24e2d85aa47f9e70ecfcc45bf20c7a2495da93 /templates/vhosts/partials
parent9081a3c7c3b9f956d0491712bae3ed5e94529e82 (diff)
improve mod_security rules
* handled now by a partial * possibility to add rules that should be removed * possibility to add custom mod_sec options * use new infrastructure for existing mod_sec tweaks
Diffstat (limited to 'templates/vhosts/partials')
-rw-r--r--templates/vhosts/partials/mod_security.erb22
1 files changed, 16 insertions, 6 deletions
diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb
index 0e0f803..e70b217 100644
--- a/templates/vhosts/partials/mod_security.erb
+++ b/templates/vhosts/partials/mod_security.erb
@@ -1,17 +1,27 @@
<IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
+ <% if mod_security.to_s == 'true' then -%>
SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ <% if mod_security_relevantonly.to_s == 'true' then -%>
SecAuditEngine RelevantOnly
- <%- else -%>
+ <% else -%>
SecAuditEngine On
- <%- end -%>
- <%- else -%>
+ <% end -%>
+ <% else -%>
SecRuleEngine Off
SecAuditEngine Off
- <%- end -%>
+ <% end -%>
SecAuditLogType Concurrent
SecAuditLogStorageDir <%= logdir %>/
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
+ <% unless mod_security_rules_to_disable.to_a.empty? -%>
+
+ <% mod_security_rules_to_disable.to_a.each do |rule|
+ SecRuleRemoveById "<%= rule %>"
+ <% end -%>
+ <% end -%>
+ <% unless mod_security_additional_options.to_s == 'absent' -%>
+
+ <%= mod_security_additional_options %>
+ <% end -%>
</IfModule>
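Review bot: The `<% mod_security_rules_to_disable.to_a.each do |rule|` tag on the added loop line is never closed as shown, so the `SecRuleRemoveById` line that follows is read as Ruby instead of being emitted, and the template will most likely fail to render once any rule is listed; it should read `<% mod_security_rules_to_disable.to_a.each do |rule| -%>`. Each `rule` is also interpolated into the quoted directive without any check, so a value containing a quote or a newline would add further directives to the vhost; a guard inside the loop such as `<% next unless rule.to_s =~ /\A\d+(-\d+)?\z/ -%>` would keep it to rule IDs and ID ranges. `mod_security_additional_options` is written verbatim into the `<IfModule>` block, so whoever sets it can override `SecRuleEngine` or the audit settings above it. A template comment stating that this value is trusted, administrator-supplied configuration would make that explicit.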