add mod_security stuff to the new default template

author: mh <mh@immerda.ch> 2011-03-17 13:14:22 +0100
committer: mh <mh@immerda.ch> 2011-03-17 13:14:22 +0100
commit: f614f355a6321285406fe7cb23a664e302e1d79c (patch)
tree: a601ac808ae996022a91586cdf476d8afb5d58f5 /templates
parent: b1d5cf786cf1b9ae9d37917cef77e85506cb88ea (diff)
1 files changed, 21 insertions, 1 deletions
diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb
index 69af8f0..41879c8 100644
--- a/templates/vhosts/default.erb
+++ b/templates/vhosts/default.erb
@@ -22,6 +22,26 @@ vhost_parts.each do |vhost_part|
   <% else -%>
 <%= scope.function_template(template_partial) %>
   <% end -%>
+  <IfModule mod_security2.c>
+    <%- if mod_security.to_s == 'true' then -%>
+    SecRuleEngine On
+    <%- if mod_security_relevantonly.to_s == 'true' then -%>
+    SecAuditEngine RelevantOnly
+    <%- else -%>
+    SecAuditEngine On
+    <%- end -%>
+    <%- else -%>
+    SecRuleEngine Off
+    SecAuditEngine Off
+    <%- end -%>
+    SecAuditLogType Concurrent
+    SecAuditLogStorageDir <%= logdir %>/
+    SecAuditLog <%= logdir %>/mod_security_audit.log
+    SecDebugLog <%= logdir %>/mod_security_debug.log
+  </IfModule>
 
+  <%- unless additional_options.to_s == 'absent' then -%>
+  <%= additional_options %>
+  <%- end -%>
 </VirtualHost>
-<% end -%>
+<% end -%>
+\ No newline at end of file
author	mh <mh@immerda.ch>	2011-03-17 13:14:22 +0100
committer	mh <mh@immerda.ch>	2011-03-17 13:14:22 +0100
commit	f614f355a6321285406fe7cb23a664e302e1d79c (patch)
tree	a601ac808ae996022a91586cdf476d8afb5d58f5 /templates
parent	b1d5cf786cf1b9ae9d37917cef77e85506cb88ea (diff)