diff options
Diffstat (limited to 'templates/vhosts/partials/mod_security.erb')
-rw-r--r-- | templates/vhosts/partials/mod_security.erb | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb index 0e0f803..e70b217 100644 --- a/templates/vhosts/partials/mod_security.erb +++ b/templates/vhosts/partials/mod_security.erb @@ -1,17 +1,27 @@ <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> + <% if mod_security.to_s == 'true' then -%> SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> + <% if mod_security_relevantonly.to_s == 'true' then -%> SecAuditEngine RelevantOnly - <%- else -%> + <% else -%> SecAuditEngine On - <%- end -%> - <%- else -%> + <% end -%> + <% else -%> SecRuleEngine Off SecAuditEngine Off - <%- end -%> + <% end -%> SecAuditLogType Concurrent SecAuditLogStorageDir <%= logdir %>/ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <% unless mod_security_rules_to_disable.to_a.empty? -%> + + <% mod_security_rules_to_disable.to_a.each do |rule| + SecRuleRemoveById "<%= rule %>" + <% end -%> + <% end -%> + <% unless mod_security_additional_options.to_s == 'absent' -%> + + <%= mod_security_additional_options %> + <% end -%> </IfModule> |