Diffstat (limited to 'templates/vhosts/partials/mod_security.erb')
-rw-r--r--templates/vhosts/partials/mod_security.erb27
1 files changed, 27 insertions, 0 deletions
diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb
new file mode 100644
index 0000000..5b4fca8
--- /dev/null
+++ b/templates/vhosts/partials/mod_security.erb
@@ -0,0 +1,27 @@
+ <IfModule mod_security2.c>
+<% if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+<% if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+<% else -%>
+ SecAuditEngine On
+<% end -%>
+<% else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+<% end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+<% unless mod_security_rules_to_disable.to_a.empty? -%>
+
+<% mod_security_rules_to_disable.to_a.each do |rule| -%>
+ SecRuleRemoveById "<%= rule %>"
+<% end -%>
+<% end -%>
+<% unless mod_security_additional_options.to_s == 'absent' -%>
+
+ <%= mod_security_additional_options %>
+<% end -%>
+ </IfModule>
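Review bot: Because the `<IfModule mod_security2.c>` guard wraps the whole partial, a vhost with `mod_security` set to 'true' still starts cleanly with no rule engine when the module is not loaded, so protection fails open without any error. Consider emitting the `SecRuleEngine On` branch outside the guard, or having the manifest fail when the module is absent, so a missing module becomes a startup error instead of a silent downgrade. Separately, `SecAuditLogStorageDir <%= logdir %>/` writes the concurrent audit files, which hold full request data, straight into the vhost log directory. If that directory is readable by whoever reads the access logs (not visible from this hunk), a dedicated subdirectory with tighter permissions would be safer. The value in `SecRuleRemoveById "<%= rule %>"` is also interpolated unchecked, so a comment noting that entries must be numeric IDs or ID ranges would help the next maintainer.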