include redirect of administrator dir to ssl; add mod_security exception

author: andreas <andreas@immerda.ch> 2009-03-07 13:00:04 +0000
committer: andreas <andreas@immerda.ch> 2009-03-07 13:00:04 +0000
commit: 15e2e4b657ca6ae189854c70635c478ebe13d3a1 (patch)
tree: 9e91c5883f63ef642e9ca07dc95c82e55d35523f /templates/vhosts/php_joomla
parent: 61cf3dbfd672bff8b79747233d31e0c98de7e696 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/templates/vhosts/php_joomla/CentOS.erb b/templates/vhosts/php_joomla/CentOS.erb
index e3dc7fa..3e75fea 100644
--- a/templates/vhosts/php_joomla/CentOS.erb
+++ b/templates/vhosts/php_joomla/CentOS.erb
@@ -40,9 +40,21 @@
         php_admin_value session.save_path <%= php_session_save_path %>
     </Directory>
     <%- end -%>
+	
+    <Directory "<%= documentroot %>/administrator/">
+        RewriteEngine on
+
+        # Rewrite URLs to https that go for the admin area
+        RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$
+        RewriteCond %{HTTPS} !=on
+        RewriteCond %{REQUEST_URI} (.*/administrator/.*)
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
+    </Directory>
 
     <IfModule mod_security2.c>
         SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+	# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+	SecRuleRemoveById "960010"
     </IfModule>
 
     <%- unless additional_options.to_s == 'absent' then -%>
author	andreas <andreas@immerda.ch>	2009-03-07 13:00:04 +0000
committer	andreas <andreas@immerda.ch>	2009-03-07 13:00:04 +0000
commit	15e2e4b657ca6ae189854c70635c478ebe13d3a1 (patch)
tree	9e91c5883f63ef642e9ca07dc95c82e55d35523f /templates/vhosts/php_joomla
parent	61cf3dbfd672bff8b79747233d31e0c98de7e696 (diff)