diff options
author | mh <mh@immerda.ch> | 2011-05-17 22:52:47 +0200 |
---|---|---|
committer | mh <mh@immerda.ch> | 2011-05-17 22:55:50 +0200 |
commit | cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 (patch) | |
tree | ed24e2d85aa47f9e70ecfcc45bf20c7a2495da93 /templates/vhosts/partials | |
parent | 9081a3c7c3b9f956d0491712bae3ed5e94529e82 (diff) |
improve mod_security rules
* handled now by a partial
* possibility to add rules that should be removed
* possibility to add custom mod_sec options"
* use new infrastructure for existing mod_sec tweaks
Diffstat (limited to 'templates/vhosts/partials')
-rw-r--r-- | templates/vhosts/partials/mod_security.erb | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb index 0e0f803..e70b217 100644 --- a/templates/vhosts/partials/mod_security.erb +++ b/templates/vhosts/partials/mod_security.erb @@ -1,17 +1,27 @@ <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> + <% if mod_security.to_s == 'true' then -%> SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> + <% if mod_security_relevantonly.to_s == 'true' then -%> SecAuditEngine RelevantOnly - <%- else -%> + <% else -%> SecAuditEngine On - <%- end -%> - <%- else -%> + <% end -%> + <% else -%> SecRuleEngine Off SecAuditEngine Off - <%- end -%> + <% end -%> SecAuditLogType Concurrent SecAuditLogStorageDir <%= logdir %>/ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <% unless mod_security_rules_to_disable.to_a.empty? -%> + + <% mod_security_rules_to_disable.to_a.each do |rule| + SecRuleRemoveById "<%= rule %>" + <% end -%> + <% end -%> + <% unless mod_security_additional_options.to_s == 'absent' -%> + + <%= mod_security_additional_options %> + <% end -%> </IfModule> |