diff options
| author | mh <mh@immerda.ch> | 2011-05-17 22:52:47 +0200 |
|---|---|---|
| committer | mh <mh@immerda.ch> | 2011-05-17 22:55:50 +0200 |
| commit | cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 (patch) | |
| tree | ed24e2d85aa47f9e70ecfcc45bf20c7a2495da93 /templates | |
| parent | 9081a3c7c3b9f956d0491712bae3ed5e94529e82 (diff) | |
improve mod_security rules
* handled now by a partial
* possibility to add rules that should be removed
* possibility to add custom mod_sec options"
* use new infrastructure for existing mod_sec tweaks
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/vhosts/gitweb/gitweb.erb | 36 | ||||
| -rw-r--r-- | templates/vhosts/partials/mod_security.erb | 22 | ||||
| -rw-r--r-- | templates/vhosts/perl/perl.erb | 72 | ||||
| -rw-r--r-- | templates/vhosts/php/php.erb | 72 | ||||
| -rw-r--r-- | templates/vhosts/php_drupal/php_drupal.erb | 72 | ||||
| -rw-r--r-- | templates/vhosts/php_gallery2/php_gallery2.erb | 64 | ||||
| -rw-r--r-- | templates/vhosts/php_joomla/php_joomla.erb | 128 | ||||
| -rw-r--r-- | templates/vhosts/php_mediawiki/php_mediawiki.erb | 56 | ||||
| -rw-r--r-- | templates/vhosts/php_silverstripe/php_silverstripe.erb | 80 | ||||
| -rw-r--r-- | templates/vhosts/php_simplemachine/php_simplemachine.erb | 72 | ||||
| -rw-r--r-- | templates/vhosts/php_spip/php_spip.erb | 72 | ||||
| -rw-r--r-- | templates/vhosts/php_typo3/php_typo3.erb | 106 | ||||
| -rw-r--r-- | templates/vhosts/php_wordpress/php_wordpress.erb | 69 | ||||
| -rw-r--r-- | templates/vhosts/proxy/proxy.erb | 4 | ||||
| -rw-r--r-- | templates/vhosts/static/static.erb | 36 | ||||
| -rw-r--r-- | templates/vhosts/webdav/webdav.erb | 72 |
16 files changed, 72 insertions, 961 deletions
diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 2c64b1c..f732eb3 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -61,23 +61,7 @@ <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -144,23 +128,7 @@ <%- end %> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb index 0e0f803..e70b217 100644 --- a/templates/vhosts/partials/mod_security.erb +++ b/templates/vhosts/partials/mod_security.erb @@ -1,17 +1,27 @@ <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> + <% if mod_security.to_s == 'true' then -%> SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> + <% if mod_security_relevantonly.to_s == 'true' then -%> SecAuditEngine RelevantOnly - <%- else -%> + <% else -%> SecAuditEngine On - <%- end -%> - <%- else -%> + <% end -%> + <% else -%> SecRuleEngine Off SecAuditEngine Off - <%- end -%> + <% end -%> SecAuditLogType Concurrent SecAuditLogStorageDir <%= logdir %>/ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <% unless mod_security_rules_to_disable.to_a.empty? -%> + + <% mod_security_rules_to_disable.to_a.each do |rule| + SecRuleRemoveById "<%= rule %>" + <% end -%> + <% end -%> + <% unless mod_security_additional_options.to_s == 'absent' -%> + + <%= mod_security_additional_options %> + <% end -%> </IfModule> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 55e6e56..6e79805 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -73,23 +73,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -164,23 +148,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -270,23 +238,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -368,23 +320,7 @@ ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index ef50008..cbbc736 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -76,23 +76,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -170,23 +154,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -265,23 +233,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -353,23 +305,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 1e3e0f4..57bf6d9 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -97,23 +97,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -213,23 +197,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -327,23 +295,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -433,23 +385,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index d4f210c..ef2444f 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -84,23 +84,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -186,19 +170,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -287,23 +259,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -381,19 +337,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index ebaefd8..c7e06d7 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -85,37 +85,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch '^/'> - SecRuleRemoveById 950013 - </LocationMatch> - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'> - SecRuleRemoveById 960010 - </LocationMatch> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -193,37 +163,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch '^/'> - SecRuleRemoveById 950013 - </LocationMatch> - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'> - SecRuleRemoveById 960010 - </LocationMatch> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -313,37 +253,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch '^/'> - SecRuleRemoveById 950013 - </LocationMatch> - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'> - SecRuleRemoveById 960010 - </LocationMatch> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -417,37 +327,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch '^/'> - SecRuleRemoveById 950013 - </LocationMatch> - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'> - SecRuleRemoveById 960010 - </LocationMatch> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 2a33e1f..a5fd4f3 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -71,19 +71,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -157,19 +145,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -248,19 +224,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -334,19 +298,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index de4dd5d..c2d8e49 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -95,25 +95,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -207,25 +189,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -325,25 +289,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -431,25 +377,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index b53477e..dfe0af2 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -70,23 +70,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -158,23 +142,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -253,23 +221,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -341,23 +293,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 05f8485..ebd9d84 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -76,23 +76,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -170,23 +154,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -265,23 +233,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -353,23 +305,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index bf0bd5d..e65a5c9 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -83,32 +83,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <Location "/typo3"> - <IfModule mod_security2.c> - SecRuleEngine Off - SecAuditEngine Off - </IfModule> - </Location> - - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -185,32 +160,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <Location "/typo3"> - <IfModule mod_security2.c> - SecRuleEngine Off - SecAuditEngine Off - </IfModule> - </Location> - - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -298,31 +248,7 @@ <%- end -%> <%- end -%> - <Location "/typo3"> - <IfModule mod_security2.c> - SecRuleEngine Off - </IfModule> - </Location> - - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -394,31 +320,7 @@ </Directory> <%- end -%> - <Location "/typo3"> - <IfModule mod_security2.c> - SecRuleEngine Off - </IfModule> - </Location> - - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 5ae6e24..de889ee 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -73,23 +73,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - </IfModule> - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -163,22 +147,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -257,22 +226,7 @@ <%- end -%> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -344,22 +298,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 5b1465f..885bce3 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -44,6 +44,8 @@ ProxyPassReverse / <%= options %>/ <%- end -%> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> + <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> @@ -79,6 +81,8 @@ Header add Strict-Transport-Security "max-age=15768000" +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> + <Proxy *> Order deny,allow Allow from all diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 030d588..55ae5ac 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -51,23 +51,7 @@ </Directory> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -125,23 +109,7 @@ </Directory> <%- end %> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index fa76b27..e498833 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -76,23 +76,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -170,23 +154,7 @@ </Directory> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -239,23 +207,7 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -303,23 +255,7 @@ Header add Strict-Transport-Security "max-age=15768000" - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> |