diff options
Diffstat (limited to 'templates/vhosts/partials/mod_security.erb')
-rw-r--r-- | templates/vhosts/partials/mod_security.erb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb new file mode 100644 index 0000000..5b4fca8 --- /dev/null +++ b/templates/vhosts/partials/mod_security.erb @@ -0,0 +1,27 @@ + <IfModule mod_security2.c> +<% if mod_security.to_s == 'true' then -%> + SecRuleEngine On +<% if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly +<% else -%> + SecAuditEngine On +<% end -%> +<% else -%> + SecRuleEngine Off + SecAuditEngine Off +<% end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log +<% unless mod_security_rules_to_disable.to_a.empty? -%> + +<% mod_security_rules_to_disable.to_a.each do |rule| -%> + SecRuleRemoveById "<%= rule %>" +<% end -%> +<% end -%> +<% unless mod_security_additional_options.to_s == 'absent' -%> + + <%= mod_security_additional_options %> +<% end -%> + </IfModule> |