diff options
author | mh <mh@immerda.ch> | 2011-05-17 22:52:47 +0200 |
---|---|---|
committer | mh <mh@immerda.ch> | 2011-05-17 22:55:50 +0200 |
commit | cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 (patch) | |
tree | ed24e2d85aa47f9e70ecfcc45bf20c7a2495da93 /templates/vhosts/php_joomla/php_joomla.erb | |
parent | 9081a3c7c3b9f956d0491712bae3ed5e94529e82 (diff) |
improve mod_security rules
* handled now by a partial
* possibility to add rules that should be removed
* possibility to add custom mod_sec options"
* use new infrastructure for existing mod_sec tweaks
Diffstat (limited to 'templates/vhosts/php_joomla/php_joomla.erb')
-rw-r--r-- | templates/vhosts/php_joomla/php_joomla.erb | 128 |
1 files changed, 4 insertions, 124 deletions
diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index ebaefd8..c7e06d7 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -85,37 +85,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch '^/'> - SecRuleRemoveById 950013 - </LocationMatch> - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'> - SecRuleRemoveById 960010 - </LocationMatch> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -193,37 +163,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch '^/'> - SecRuleRemoveById 950013 - </LocationMatch> - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'> - SecRuleRemoveById 960010 - </LocationMatch> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -313,37 +253,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch '^/'> - SecRuleRemoveById 950013 - </LocationMatch> - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'> - SecRuleRemoveById 960010 - </LocationMatch> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -417,37 +327,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch '^/'> - SecRuleRemoveById 950013 - </LocationMatch> - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'> - SecRuleRemoveById 960010 - </LocationMatch> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> |