summaryrefslogtreecommitdiff
path: root/templates/vhosts/partials/mod_security.erb
diff options
context:
space:
mode:
Diffstat (limited to 'templates/vhosts/partials/mod_security.erb')
-rw-r--r--templates/vhosts/partials/mod_security.erb22
1 files changed, 16 insertions, 6 deletions
diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb
index 0e0f803..e70b217 100644
--- a/templates/vhosts/partials/mod_security.erb
+++ b/templates/vhosts/partials/mod_security.erb
@@ -1,17 +1,27 @@
<IfModule mod_security2.c>
- <%- if mod_security.to_s == 'true' then -%>
+ <% if mod_security.to_s == 'true' then -%>
SecRuleEngine On
- <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ <% if mod_security_relevantonly.to_s == 'true' then -%>
SecAuditEngine RelevantOnly
- <%- else -%>
+ <% else -%>
SecAuditEngine On
- <%- end -%>
- <%- else -%>
+ <% end -%>
+ <% else -%>
SecRuleEngine Off
SecAuditEngine Off
- <%- end -%>
+ <% end -%>
SecAuditLogType Concurrent
SecAuditLogStorageDir <%= logdir %>/
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
+ <% unless mod_security_rules_to_disable.to_a.empty? -%>
+
+ <% mod_security_rules_to_disable.to_a.each do |rule|
+ SecRuleRemoveById "<%= rule %>"
+ <% end -%>
+ <% end -%>
+ <% unless mod_security_additional_options.to_s == 'absent' -%>
+
+ <%= mod_security_additional_options %>
+ <% end -%>
</IfModule>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 05:07:48 +0000