summaryrefslogtreecommitdiff
path: root/templates/vhosts/perl
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2011-05-17 22:52:47 +0200
committermh <mh@immerda.ch>2011-05-17 22:55:50 +0200
commitcbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 (patch)
treeed24e2d85aa47f9e70ecfcc45bf20c7a2495da93 /templates/vhosts/perl
parent9081a3c7c3b9f956d0491712bae3ed5e94529e82 (diff)
improve mod_security rules
* handled now by a partial * possibility to add rules that should be removed * possibility to add custom mod_sec options" * use new infrastructure for existing mod_sec tweaks
Diffstat (limited to 'templates/vhosts/perl')
-rw-r--r--templates/vhosts/perl/perl.erb72
1 files changed, 4 insertions, 68 deletions
diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb
index 55e6e56..6e79805 100644
--- a/templates/vhosts/perl/perl.erb
+++ b/templates/vhosts/perl/perl.erb
@@ -73,23 +73,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -164,23 +148,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -270,23 +238,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -368,23 +320,7 @@
ScriptAlias /cgi-bin/ <%= cgi_binpath %>/
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>