-rw-r--r--manifests/vhost.pp5
-rw-r--r--manifests/vhost/file.pp15
-rw-r--r--manifests/vhost/modperl.pp4
-rw-r--r--manifests/vhost/passenger.pp4
-rw-r--r--manifests/vhost/php/drupal.pp4
-rw-r--r--manifests/vhost/php/gallery2.pp4
-rw-r--r--manifests/vhost/php/joomla.pp22
-rw-r--r--manifests/vhost/php/mediawiki.pp4
-rw-r--r--manifests/vhost/php/silverstripe.pp9
-rw-r--r--manifests/vhost/php/simplemachine.pp4
-rw-r--r--manifests/vhost/php/spip.pp4
-rw-r--r--manifests/vhost/php/standard.pp4
-rw-r--r--manifests/vhost/php/typo3.pp16
-rw-r--r--manifests/vhost/php/webapp.pp4
-rw-r--r--manifests/vhost/php/wordpress.pp8
-rw-r--r--manifests/vhost/proxy.pp6
-rw-r--r--manifests/vhost/static.pp6
-rw-r--r--manifests/vhost/template.pp2
-rw-r--r--manifests/vhost/webdav.pp5
-rw-r--r--templates/vhosts/gitweb/gitweb.erb36
-rw-r--r--templates/vhosts/partials/mod_security.erb22
-rw-r--r--templates/vhosts/perl/perl.erb72
-rw-r--r--templates/vhosts/php/php.erb72
-rw-r--r--templates/vhosts/php_drupal/php_drupal.erb72
-rw-r--r--templates/vhosts/php_gallery2/php_gallery2.erb64
-rw-r--r--templates/vhosts/php_joomla/php_joomla.erb128
-rw-r--r--templates/vhosts/php_mediawiki/php_mediawiki.erb56
-rw-r--r--templates/vhosts/php_silverstripe/php_silverstripe.erb80
-rw-r--r--templates/vhosts/php_simplemachine/php_simplemachine.erb72
-rw-r--r--templates/vhosts/php_spip/php_spip.erb72
-rw-r--r--templates/vhosts/php_typo3/php_typo3.erb106
-rw-r--r--templates/vhosts/php_wordpress/php_wordpress.erb69
-rw-r--r--templates/vhosts/proxy/proxy.erb4
-rw-r--r--templates/vhosts/static/static.erb36
-rw-r--r--templates/vhosts/webdav/webdav.erb72
35 files changed, 193 insertions, 970 deletions
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
index 089eb62..af067d1 100644
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@@ -70,6 +70,8 @@ define apache::vhost(
$htpasswd_path = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$use_mod_macro = false,
$ldap_auth = false,
$ldap_user = 'any'
@@ -123,6 +125,9 @@ define apache::vhost(
ldap_auth => $ldap_auth,
ldap_user => $ldap_user,
mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
use_mod_macro => $use_mod_macro,
}
}
diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp
index bbd2f8c..6c750c1 100644
--- a/manifests/vhost/file.pp
+++ b/manifests/vhost/file.pp
@@ -70,22 +70,27 @@ define apache::vhost::file(
notify => Service[apache],
owner => root, group => 0, mode => 0644;
}
- if $do_includes {
+ if $ensure != 'absent' {
+ if $do_includes {
include ::apache::includes
- }
- if $use_mod_macro {
+ }
+ if $use_mod_macro {
include ::apache::mod_macro
- }
- if $ensure != 'absent' {
+ }
case $logmode {
'semianonym','anonym': { include apache::noiplog }
}
case $run_mode {
'itk': {
include ::apache::itk::lock
+ if $mod_security { include mod_security::itk }
}
'proxy-itk','static-itk': {
include ::apache::itk_plus::lock
+ if $mod_security { include mod_security::itk_plus }
+ }
+ default: {
+ if $mod_security { include mod_security }
}
}
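Review bot: The three new `if $mod_security { include ... }` guards use Puppet truthiness, while the vhost templates touched by this commit test `mod_security.to_s == 'true'`. If a caller passes the string `'false'`, the templates emit `SecRuleEngine Off` but these guards still include the mod_security class, because a non-empty string is true in Puppet. Normalising the value once would keep the two in step, for example `if $mod_security == true or $mod_security == 'true'` at each guard. The define's parameter list and the end of the `case $run_mode` block are outside this hunk, so it is not visible here whether `$mod_security` is declared on `apache::vhost::file` or reaches it through dynamic scope.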
diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp
index 459f424..70a10ea 100644
--- a/manifests/vhost/modperl.pp
+++ b/manifests/vhost/modperl.pp
@@ -48,6 +48,8 @@ define apache::vhost::modperl(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -123,6 +125,8 @@ define apache::vhost::modperl(
htpasswd_path => $htpasswd_path,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
}
}
diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp
index 919f6c9..d09c882 100644
--- a/manifests/vhost/passenger.pp
+++ b/manifests/vhost/passenger.pp
@@ -36,6 +36,8 @@ define apache::vhost::passenger(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -128,6 +130,8 @@ define apache::vhost::passenger(
htpasswd_path => $htpasswd_path,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
}
}
diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp
index 06601f8..adf1b9e 100644
--- a/manifests/vhost/php/drupal.pp
+++ b/manifests/vhost/php/drupal.pp
@@ -57,6 +57,8 @@ define apache::vhost::php::drupal(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -117,6 +119,8 @@ define apache::vhost::php::drupal(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp
index a43e627..cb4d77d 100644
--- a/manifests/vhost/php/gallery2.pp
+++ b/manifests/vhost/php/gallery2.pp
@@ -56,6 +56,8 @@ define apache::vhost::php::gallery2(
$default_charset = 'absent',
$mod_security = false,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -142,6 +144,8 @@ define apache::vhost::php::gallery2(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp
index 96e3ab1..3767c50 100644
--- a/manifests/vhost/php/joomla.pp
+++ b/manifests/vhost/php/joomla.pp
@@ -56,6 +56,8 @@ define apache::vhost::php::joomla(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -75,6 +77,24 @@ define apache::vhost::php::joomla(
},
default => "${path}/www"
}
+
+ if $mod_security_additional_options == 'absent' {
+ $real_mod_security_additional_options = '# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ # Exceptions for Joomla Root Directory
+ <LocationMatch "^/">
+ SecRuleRemoveById 950013
+ </LocationMatch>
+
+ # Exceptions for Joomla Administration Panel
+ SecRule REQUEST_FILENAME "/administrator/index2.php" \
+ "allow,phase:1,nolog,ctl:ruleEngine=Off"
+
+ # Exceptions for Joomla Component Expose
+ <LocationMatch "^/components/com_expose/expose/manager/amfphp/gateway.php">
+ SecRuleRemoveById 960010
+ </LocationMatch>
+'
+ } else { $real_mod_security_additional_options = $mod_security_additional_options }
# create vhost configuration file
::apache::vhost::php::webapp{$name:
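Review bot: The default Joomla exceptions are broader than their comments suggest. `SecRule REQUEST_FILENAME "/administrator/index2.php"` is an unanchored regex with `ctl:ruleEngine=Off` and `nolog`, so the engine is switched off, silently, for any request whose filename merely contains that string. Anchoring it and keeping a log entry would scope it to the one script: `SecRule REQUEST_FILENAME "^/administrator/index2\.php$" \` with `"allow,phase:1,log,ctl:ruleEngine=Off"`. `<LocationMatch "^/">` matches every URL, so rule 950013 is removed for the whole vhost; listing it in `mod_security_rules_to_disable` would say that more honestly. The `com_expose` pattern would likewise benefit from escaped dots and a trailing `$`.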
@@ -104,6 +124,8 @@ define apache::vhost::php::joomla(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $real_mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp
index fe2cbc0..76faceb 100644
--- a/manifests/vhost/php/mediawiki.pp
+++ b/manifests/vhost/php/mediawiki.pp
@@ -56,6 +56,8 @@ define apache::vhost::php::mediawiki(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -90,6 +92,8 @@ define apache::vhost::php::mediawiki(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp
index cf67d16..06ee1c4 100644
--- a/manifests/vhost/php/silverstripe.pp
+++ b/manifests/vhost/php/silverstripe.pp
@@ -56,6 +56,8 @@ define apache::vhost::php::silverstripe(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -73,6 +75,8 @@ define apache::vhost::php::silverstripe(
},
default => "${path}/www"
}
+ $modsec_rules = ["960010"]
+ $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules)
# create vhost configuration file
::apache::vhost::php::webapp{$name:
@@ -102,6 +106,8 @@ define apache::vhost::php::silverstripe(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
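Review bot: The webapp call passes `$mod_security_rules_to_disable`, not the `$real_mod_security_rules_to_disable` that the previous hunk builds with `array_union(...)`, so the SilverStripe default exclusion of rule 960010 never reaches the template and the computed variable is unused. typo3.pp and wordpress.pp pass the `$real_` variable; this line should match them: `mod_security_rules_to_disable => $real_mod_security_rules_to_disable,`. The body of the resource declaration continues outside this hunk.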
@@ -109,8 +115,7 @@ define apache::vhost::php::silverstripe(
htpasswd_file => $htpasswd_file,
htpasswd_path => $htpasswd_path,
manage_directories => $manage_directories,
- managed_directories => [ "$documentroot/assets"
- ],
+ managed_directories => [ "$documentroot/assets" ],
manage_config => $manage_config,
}
diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp
index 0983f17..8632763 100644
--- a/manifests/vhost/php/simplemachine.pp
+++ b/manifests/vhost/php/simplemachine.pp
@@ -56,6 +56,8 @@ define apache::vhost::php::simplemachine(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -102,6 +104,8 @@ define apache::vhost::php::simplemachine(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp
index 290082f..4fe9f9a 100644
--- a/manifests/vhost/php/spip.pp
+++ b/manifests/vhost/php/spip.pp
@@ -56,6 +56,8 @@ define apache::vhost::php::spip(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -99,6 +101,8 @@ define apache::vhost::php::spip(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options=> $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp
index 9f988d1..143e006 100644
--- a/manifests/vhost/php/standard.pp
+++ b/manifests/vhost/php/standard.pp
@@ -67,6 +67,8 @@ define apache::vhost::php::standard(
$use_mod_macro = false,
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -189,6 +191,8 @@ define apache::vhost::php::standard(
htpasswd_path => $htpasswd_path,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
use_mod_macro => $use_mod_macro,
}
}
diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp
index 40c171f..9d404a4 100644
--- a/manifests/vhost/php/typo3.pp
+++ b/manifests/vhost/php/typo3.pp
@@ -56,6 +56,8 @@ define apache::vhost::php::typo3(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -73,6 +75,18 @@ define apache::vhost::php::typo3(
},
default => "${path}/www"
}
+
+ $modsec_rules = ["960010"]
+ $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules)
+ if $mod_security_additional_options == 'absent' {
+ $real_mod_security_additional_options = '<Location "/typo3">
+ SecRuleEngine Off
+ SecAuditEngine Off
+ </Location>
+'
+ } else {
+ $real_mod_security_additional_options = $mod_security_additional_options
+ }
# create vhost configuration file
::apache::vhost::php::webapp{$name:
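Review bot: The default `<Location "/typo3">` block turns off both `SecRuleEngine` and `SecAuditEngine`, so the whole TYPO3 backend path gets neither rule enforcement nor audit records. If the goal is only to stop false positives from blocking editors, `SecRuleEngine DetectionOnly` with the audit engine left as the vhost sets it would keep visibility of what hits that path. A caller who supplies their own `mod_security_additional_options` replaces this default entirely, which deserves a comment above the `if`, e.g. `# default TYPO3 backend exemption; overriding mod_security_additional_options drops it`. A short comment on why 960010 is in `$modsec_rules` would help the next reader as well.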
@@ -102,6 +116,8 @@ define apache::vhost::php::typo3(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $real_mod_security_rules_to_disable,
+ mod_security_additional_options => $real_mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp
index 9716dfb..bd72eb1 100644
--- a/manifests/vhost/php/webapp.pp
+++ b/manifests/vhost/php/webapp.pp
@@ -59,6 +59,8 @@ define apache::vhost::php::webapp(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -130,6 +132,8 @@ define apache::vhost::php::webapp(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp
index 461a2d7..b8ea359 100644
--- a/manifests/vhost/php/wordpress.pp
+++ b/manifests/vhost/php/wordpress.pp
@@ -56,6 +56,8 @@ define apache::vhost::php::wordpress(
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -74,9 +76,11 @@ define apache::vhost::php::wordpress(
},
default => "${path}/www"
}
+ $modsec_rules = ["960010", "950018"]
+ $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules)
# create vhost configuration file
- ::apache::vhost::php::webapp{$name:
+ apache::vhost::php::webapp{$name:
ensure => $ensure,
domain => $domain,
domainalias => $domainalias,
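Review bot: The resource declaration drops the leading `::` (`apache::vhost::php::webapp{$name:`), while every sibling define in this commit keeps `::apache::vhost::php::webapp`. On Puppet versions that resolve names relative to the current namespace the unqualified form can look up the wrong define, so I would keep `::apache::vhost::php::webapp{$name:` unless the change is deliberate. The new `$modsec_rules = ["960010", "950018"]` disables two rules for the entire vhost without saying why; a comment naming what each ID checks and which WordPress request trips it would make the exclusion reviewable later.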
@@ -103,6 +107,8 @@ define apache::vhost::php::wordpress(
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $real_mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
vhost_source => $vhost_source,
diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp
index 6cfdd16..dfc6a0b 100644
--- a/manifests/vhost/proxy.pp
+++ b/manifests/vhost/proxy.pp
@@ -29,6 +29,9 @@ define apache::vhost::proxy(
$logmode = 'default',
$mod_security = false,
$ssl_mode = false,
+ $mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$additional_options = 'absent'
){
# create vhost configuration file
@@ -49,6 +52,9 @@ define apache::vhost::proxy(
allow_override => $allow_override,
run_mode => 'normal',
mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
options => $target_url,
ssl_mode => $ssl_mode,
additional_options => $additional_options,
diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp
index ab96141..76e2bee 100644
--- a/manifests/vhost/static.pp
+++ b/manifests/vhost/static.pp
@@ -37,7 +37,9 @@ define apache::vhost::static(
$htpasswd_file = 'absent',
$htpasswd_path = 'absent',
$mod_security = false,
- $mod_security_relevantonly = true
+ $mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent'
){
# create webdir
::apache::vhost::webdir{$name:
@@ -73,6 +75,8 @@ define apache::vhost::static(
htpasswd_path => $htpasswd_path,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
}
}
diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp
index 303de0e..3fe78c9 100644
--- a/manifests/vhost/template.pp
+++ b/manifests/vhost/template.pp
@@ -79,6 +79,8 @@ define apache::vhost::template(
$ssl_mode = false,
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$use_mod_macro = false,
$htpasswd_file = 'absent',
$htpasswd_path = 'absent',
diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp
index b4775d5..94b177c 100644
--- a/manifests/vhost/webdav.pp
+++ b/manifests/vhost/webdav.pp
@@ -46,6 +46,8 @@ define apache::vhost::webdav(
$default_charset = 'absent',
$mod_security = false,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
$vhost_source = 'absent',
@@ -113,6 +115,9 @@ define apache::vhost::webdav(
ldap_auth => $ldap_auth,
ldap_user => $ldap_user,
mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
}
}
diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb
index 2c64b1c..f732eb3 100644
--- a/templates/vhosts/gitweb/gitweb.erb
+++ b/templates/vhosts/gitweb/gitweb.erb
@@ -61,23 +61,7 @@
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
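Review bot: `scope.function_template('apache/vhosts/partials/mod_security.erb')` passes a bare string, but Puppet functions called from a template are documented to take a single array of arguments. The string form may work on older Puppet/Ruby combinations but is rejected on newer ones, so `<%= scope.function_template(['apache/vhosts/partials/mod_security.erb']) %>` is the safer spelling. The same call is repeated in every template hunk of this commit (gitweb, perl, php, php_drupal, php_gallery2 and the rest), so the change applies to all of them.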
@@ -144,23 +128,7 @@
<%- end %>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb
index 0e0f803..e70b217 100644
--- a/templates/vhosts/partials/mod_security.erb
+++ b/templates/vhosts/partials/mod_security.erb
@@ -1,17 +1,27 @@
<IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
+ <% if mod_security.to_s == 'true' then -%>
SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ <% if mod_security_relevantonly.to_s == 'true' then -%>
SecAuditEngine RelevantOnly
- <%- else -%>
+ <% else -%>
SecAuditEngine On
- <%- end -%>
- <%- else -%>
+ <% end -%>
+ <% else -%>
SecRuleEngine Off
SecAuditEngine Off
- <%- end -%>
+ <% end -%>
SecAuditLogType Concurrent
SecAuditLogStorageDir <%= logdir %>/
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
+ <% unless mod_security_rules_to_disable.to_a.empty? -%>
+
+ <% mod_security_rules_to_disable.to_a.each do |rule|
+ SecRuleRemoveById "<%= rule %>"
+ <% end -%>
+ <% end -%>
+ <% unless mod_security_additional_options.to_s == 'absent' -%>
+
+ <%= mod_security_additional_options %>
+ <% end -%>
</IfModule>
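Review bot: The loop header `<% mod_security_rules_to_disable.to_a.each do |rule|` is missing its closing `-%>`, so ERB treats the following `SecRuleRemoveById "<%= rule` text as Ruby and the partial will fail to render (or render garbage) whenever the rule list is non-empty. It should read `<% mod_security_rules_to_disable.to_a.each do |rule| -%>`. Separately, the additional-options block is emitted even in the `SecRuleEngine Off` branch; a one-line comment in the partial saying whether that is intended would help, since those options can themselves re-enable or disable the engine per location.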
diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb
index 55e6e56..6e79805 100644
--- a/templates/vhosts/perl/perl.erb
+++ b/templates/vhosts/perl/perl.erb
@@ -73,23 +73,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -164,23 +148,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -270,23 +238,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -368,23 +320,7 @@
ScriptAlias /cgi-bin/ <%= cgi_binpath %>/
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb
index ef50008..cbbc736 100644
--- a/templates/vhosts/php/php.erb
+++ b/templates/vhosts/php/php.erb
@@ -76,23 +76,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -170,23 +154,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -265,23 +233,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -353,23 +305,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb
index 1e3e0f4..57bf6d9 100644
--- a/templates/vhosts/php_drupal/php_drupal.erb
+++ b/templates/vhosts/php_drupal/php_drupal.erb
@@ -97,23 +97,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -213,23 +197,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -327,23 +295,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -433,23 +385,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb
index d4f210c..ef2444f 100644
--- a/templates/vhosts/php_gallery2/php_gallery2.erb
+++ b/templates/vhosts/php_gallery2/php_gallery2.erb
@@ -84,23 +84,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -186,19 +170,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
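Review bot: The block removed here set `SecAuditEngine On` whenever `mod_security` was true, without consulting `mod_security_relevantonly`, so switching to the shared partial may silently reduce audit logging for this vhost type. The partial is not visible in this hunk, but if it follows the other templates it emits `SecAuditEngine RelevantOnly` when that parameter is true, which is the default shown for `apache::vhost` at the top of the diff. If full audit logging was intended for these sites, have the define pass `mod_security_relevantonly => false`; otherwise say so in the commit message. The same applies to the hunk at -381 in this file and to the php_mediawiki and php_wordpress hunks.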
@@ -287,23 +259,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -381,19 +337,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb
index ebaefd8..c7e06d7 100644
--- a/templates/vhosts/php_joomla/php_joomla.erb
+++ b/templates/vhosts/php_joomla/php_joomla.erb
@@ -85,37 +85,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- # Exceptions for Joomla Root Directory
- <LocationMatch '^/'>
- SecRuleRemoveById 950013
- </LocationMatch>
-
- # Exceptions for Joomla Administration Panel
- SecRule REQUEST_FILENAME "/administrator/index2.php" \
- "allow,phase:1,nolog,ctl:ruleEngine=Off"
-
- # Exceptions for Joomla Component Expose
- <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
- SecRuleRemoveById 960010
- </LocationMatch>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
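Review bot: This replacement drops the Joomla-specific exceptions from the template: the `SecRuleRemoveById 950013` and `960010` blocks and the `/administrator/index2.php` rule that sets `ctl:ruleEngine=Off`. Rule 960010 was removed only inside a `<LocationMatch>` for the com_expose gateway; if it is now passed through `mod_security_rules_to_disable` (the manifest change is outside this hunk), it is presumably disabled for the whole vhost, a wider exemption than before. Consider keeping path-scoped exceptions scoped, for example through `additional_options`, and add a comment in the Joomla manifest saying why each ID is disabled. The other three php_joomla hunks make the same change, and the php_silverstripe, php_typo3 and php_wordpress hunks likewise drop their `SecRuleRemoveById` lines and rely on the manifest to carry them.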
@@ -193,37 +163,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- # Exceptions for Joomla Root Directory
- <LocationMatch '^/'>
- SecRuleRemoveById 950013
- </LocationMatch>
-
- # Exceptions for Joomla Administration Panel
- SecRule REQUEST_FILENAME "/administrator/index2.php" \
- "allow,phase:1,nolog,ctl:ruleEngine=Off"
-
- # Exceptions for Joomla Component Expose
- <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
- SecRuleRemoveById 960010
- </LocationMatch>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -313,37 +253,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- # Exceptions for Joomla Root Directory
- <LocationMatch '^/'>
- SecRuleRemoveById 950013
- </LocationMatch>
-
- # Exceptions for Joomla Administration Panel
- SecRule REQUEST_FILENAME "/administrator/index2.php" \
- "allow,phase:1,nolog,ctl:ruleEngine=Off"
-
- # Exceptions for Joomla Component Expose
- <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
- SecRuleRemoveById 960010
- </LocationMatch>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -417,37 +327,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- # Exceptions for Joomla Root Directory
- <LocationMatch '^/'>
- SecRuleRemoveById 950013
- </LocationMatch>
-
- # Exceptions for Joomla Administration Panel
- SecRule REQUEST_FILENAME "/administrator/index2.php" \
- "allow,phase:1,nolog,ctl:ruleEngine=Off"
-
- # Exceptions for Joomla Component Expose
- <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
- SecRuleRemoveById 960010
- </LocationMatch>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb
index 2a33e1f..a5fd4f3 100644
--- a/templates/vhosts/php_mediawiki/php_mediawiki.erb
+++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb
@@ -71,19 +71,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -157,19 +145,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -248,19 +224,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -334,19 +298,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb
index de4dd5d..c2d8e49 100644
--- a/templates/vhosts/php_silverstripe/php_silverstripe.erb
+++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb
@@ -95,25 +95,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -207,25 +189,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -325,25 +289,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -431,25 +377,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb
index b53477e..dfe0af2 100644
--- a/templates/vhosts/php_simplemachine/php_simplemachine.erb
+++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb
@@ -70,23 +70,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -158,23 +142,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -253,23 +221,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -341,23 +293,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb
index 05f8485..ebd9d84 100644
--- a/templates/vhosts/php_spip/php_spip.erb
+++ b/templates/vhosts/php_spip/php_spip.erb
@@ -76,23 +76,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -170,23 +154,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -265,23 +233,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -353,23 +305,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb
index bf0bd5d..e65a5c9 100644
--- a/templates/vhosts/php_typo3/php_typo3.erb
+++ b/templates/vhosts/php_typo3/php_typo3.erb
@@ -83,32 +83,7 @@
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <Location "/typo3">
- <IfModule mod_security2.c>
- SecRuleEngine Off
- SecAuditEngine Off
- </IfModule>
- </Location>
-
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
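Review bot: The `<Location "/typo3">` override that switched `SecRuleEngine` and `SecAuditEngine` off for the backend path is removed here, and nothing in this hunk replaces it. If it is not re-added elsewhere (the php_typo3 manifest change is not visible here), backend requests will now pass through the rule engine, which is stricter but may block legitimate editor traffic. Either state in the commit message that the exemption is intentionally gone, or keep the `<Location>` block next to the partial call. The hunk at -185 removes the same block, while the hunks at -298 and -394 remove a variant that only set `SecRuleEngine Off`, so the old behaviour already differed between sections of this template.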
@@ -185,32 +160,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <Location "/typo3">
- <IfModule mod_security2.c>
- SecRuleEngine Off
- SecAuditEngine Off
- </IfModule>
- </Location>
-
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -298,31 +248,7 @@
<%- end -%>
<%- end -%>
- <Location "/typo3">
- <IfModule mod_security2.c>
- SecRuleEngine Off
- </IfModule>
- </Location>
-
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -394,31 +320,7 @@
</Directory>
<%- end -%>
- <Location "/typo3">
- <IfModule mod_security2.c>
- SecRuleEngine Off
- </IfModule>
- </Location>
-
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb
index 5ae6e24..de889ee 100644
--- a/templates/vhosts/php_wordpress/php_wordpress.erb
+++ b/templates/vhosts/php_wordpress/php_wordpress.erb
@@ -73,23 +73,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- SecRuleRemoveById "950018"
- </IfModule>
- <%- end -%>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
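Review bot: This hunk also removes the `<%- end -%>` that closed the `unless run_mode.to_s =~ /(proxy\-|static\-)itk/` block opened on the context line just above the removed `<IfModule>`, leaving that `unless` without a terminator. The matching hunks in the other templates, and the hunk at -163 in this file, keep that `end` as a context line after the partial call. Unless another `end` exists outside this hunk, the template will either fail to compile or nest `additional_options` under the run_mode test. Re-add `<%- end -%>` directly after the `scope.function_template` line.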
@@ -163,22 +147,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- SecRuleRemoveById "950018"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -257,22 +226,7 @@
<%- end -%>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- SecRuleRemoveById "950018"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -344,22 +298,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- SecAuditEngine On
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
- SecRuleRemoveById "960010"
- SecRuleRemoveById "950018"
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb
index 5b1465f..885bce3 100644
--- a/templates/vhosts/proxy/proxy.erb
+++ b/templates/vhosts/proxy/proxy.erb
@@ -44,6 +44,8 @@
ProxyPassReverse / <%= options %>/
<%- end -%>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
+
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
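Review bot: The partial is added to a template that had no mod_security section before, so proxy vhosts will presumably get `SecRuleEngine On` by default, given `$mod_security = true` in `apache::vhost` at the top of the diff. Rules tuned for locally served sites can reject traffic meant for the proxied application, so consider rolling this out with `SecRuleEngine DetectionOnly` first and reviewing the audit log before blocking. Also confirm that `logdir` is set in this template's scope, since the blocks removed elsewhere in this commit write `SecAuditLogStorageDir <%= logdir %>/` and the partial very likely does the same. The second hunk of this file adds the same line ahead of `<Proxy *>`.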
@@ -79,6 +81,8 @@
Header add Strict-Transport-Security "max-age=15768000"
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
+
<Proxy *>
Order deny,allow
Allow from all
diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb
index 030d588..55ae5ac 100644
--- a/templates/vhosts/static/static.erb
+++ b/templates/vhosts/static/static.erb
@@ -51,23 +51,7 @@
</Directory>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -125,23 +109,7 @@
</Directory>
<%- end %>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb
index fa76b27..e498833 100644
--- a/templates/vhosts/webdav/webdav.erb
+++ b/templates/vhosts/webdav/webdav.erb
@@ -76,23 +76,7 @@
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -170,23 +154,7 @@
</Directory>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
@@ -239,23 +207,7 @@
AddDefaultCharset <%= default_charset %>
<%- end -%>
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -303,23 +255,7 @@
Header add Strict-Transport-Security "max-age=15768000"
- <IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
- SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
- SecAuditEngine RelevantOnly
- <%- else -%>
- SecAuditEngine On
- <%- end -%>
- <%- else -%>
- SecRuleEngine Off
- SecAuditEngine Off
- <%- end -%>
- SecAuditLogType Concurrent
- SecAuditLogStorageDir <%= logdir %>/
- SecAuditLog <%= logdir %>/mod_security_audit.log
- SecDebugLog <%= logdir %>/mod_security_debug.log
- </IfModule>
+<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>