diff options
26 files changed, 104 insertions, 1 deletions
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index c889bfa..f1a20f0 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -43,6 +43,7 @@ define apache::vhost( $htpasswd_file = 'absent', $htpasswd_path = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $use_mod_macro = false, $ldap_auth = false, $ldap_user = 'any' diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index eb78c42..88e7e52 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -25,6 +25,7 @@ define apache::vhost::modperl( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 633721c..0279374 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -26,6 +26,7 @@ define apache::vhost::passenger( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index 3c7e9ea..9c8382a 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -34,6 +34,7 @@ define apache::vhost::php::drupal( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 39d224e..2239f52 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -34,6 +34,7 @@ define apache::vhost::php::joomla( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index d2cf346..e2f6827 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -34,6 +34,7 @@ define apache::vhost::php::mediawiki( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 08916db..0f76528 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -34,6 +34,7 @@ define apache::vhost::php::simplemachine( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index cacd5e9..7b04b41 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -34,6 +34,7 @@ define apache::vhost::php::spip( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index a7d1276..d9359bc 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -41,6 +41,7 @@ define apache::vhost::php::standard( $default_charset = 'absent', $use_mod_macro = false, $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index 950cba8..28edb84 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -34,6 +34,7 @@ define apache::vhost::php::typo3( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index e9c7f3e..929f20e 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -37,6 +37,7 @@ define apache::vhost::php::webapp( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index 0b94d4b..31e66e8 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -34,6 +34,7 @@ define apache::vhost::php::wordpress( $additional_options = 'absent', $default_charset = 'absent', $mod_security = true, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index 50bb3d8..6a1228a 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -23,7 +23,8 @@ define apache::vhost::static( $vhost_destination = 'absent', $htpasswd_file = 'absent', $htpasswd_path = 'absent', - $mod_security = false + $mod_security = false, + $mod_security_relevantonly = true ){ # create webdir ::apache::vhost::webdir{$name: diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index bda1f04..cca04f1 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -47,6 +47,7 @@ define apache::vhost::template( $template_mode = 'static', $ssl_mode = false, $mod_security = true, + $mod_security_relevantonly = true, $use_mod_macro = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index ab99039..5f0aad2 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -26,6 +26,7 @@ define apache::vhost::webdav( $additional_options = 'absent', $default_charset = 'absent', $mod_security = false, + $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index c5cbb5d..23b723f 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -49,7 +49,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -114,7 +118,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index 41b903b..2c23dce 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb @@ -39,7 +39,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -92,7 +96,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 0e64da1..0582e73 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -54,7 +54,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -122,7 +126,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 411bfd6..4a6c829 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -57,7 +57,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -128,7 +132,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 9d54940..0367a53 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -79,7 +79,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -172,7 +176,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 4bfef81..18caff8 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -66,7 +66,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -150,7 +154,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 72f7b38..ddb59ed 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -51,7 +51,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -116,7 +120,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 411bfd6..4a6c829 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -57,7 +57,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -128,7 +132,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index a22c8ec..4ad4022 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -67,7 +67,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -141,7 +145,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index a7aa374..05354d6 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -39,7 +39,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -94,7 +98,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 671ff58..336c5f6 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -56,7 +56,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -129,7 +133,11 @@ <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off |