diff options
author | mh <mh@immerda.ch> | 2011-05-17 22:52:47 +0200 |
---|---|---|
committer | mh <mh@immerda.ch> | 2011-05-17 22:55:50 +0200 |
commit | cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 (patch) | |
tree | ed24e2d85aa47f9e70ecfcc45bf20c7a2495da93 /templates/vhosts/php_wordpress/php_wordpress.erb | |
parent | 9081a3c7c3b9f956d0491712bae3ed5e94529e82 (diff) |
improve mod_security rules
* handled now by a partial
* possibility to add rules that should be removed
* possibility to add custom mod_sec options"
* use new infrastructure for existing mod_sec tweaks
Diffstat (limited to 'templates/vhosts/php_wordpress/php_wordpress.erb')
-rw-r--r-- | templates/vhosts/php_wordpress/php_wordpress.erb | 69 |
1 files changed, 4 insertions, 65 deletions
diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 5ae6e24..de889ee 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -73,23 +73,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - </IfModule> - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -163,22 +147,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -257,22 +226,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -344,22 +298,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> |