From cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 22:52:47 +0200 Subject: improve mod_security rules * handled now by a partial * possibility to add rules that should be removed * possibility to add custom mod_sec options" * use new infrastructure for existing mod_sec tweaks --- templates/vhosts/php_typo3/php_typo3.erb | 106 ++----------------------------- 1 file changed, 4 insertions(+), 102 deletions(-) (limited to 'templates/vhosts/php_typo3/php_typo3.erb') diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index bf0bd5d..e65a5c9 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -83,32 +83,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - - SecRuleEngine Off - SecAuditEngine Off - - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -185,32 +160,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - - SecRuleEngine Off - SecAuditEngine Off - - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -298,31 +248,7 @@ <%- end -%> <%- end -%> - - - SecRuleEngine Off - - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -394,31 +320,7 @@ <%- end -%> - - - SecRuleEngine Off - - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> -- cgit v1.2.3