From 550fa2b0a405e9bda6e2d82a1e423396a7ffdaa8 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Mon, 4 Jan 2010 15:26:24 -0500 Subject: add $mod_security_relevantonly flag, enabled by default, logs only on suspicious requests, set to 'false' to log all requests (as before) --- templates/vhosts/gitweb/gitweb.erb | 8 ++++++++ templates/vhosts/passenger/passenger.erb | 8 ++++++++ templates/vhosts/perl/perl.erb | 8 ++++++++ templates/vhosts/php/php.erb | 8 ++++++++ templates/vhosts/php_drupal/php_drupal.erb | 8 ++++++++ templates/vhosts/php_joomla/php_joomla.erb | 8 ++++++++ templates/vhosts/php_simplemachine/php_simplemachine.erb | 8 ++++++++ templates/vhosts/php_spip/php_spip.erb | 8 ++++++++ templates/vhosts/php_typo3/php_typo3.erb | 8 ++++++++ templates/vhosts/static/static.erb | 8 ++++++++ templates/vhosts/webdav/webdav.erb | 8 ++++++++ 11 files changed, 88 insertions(+) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index c5cbb5d..23b723f 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -49,7 +49,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -114,7 +118,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index 41b903b..2c23dce 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb @@ -39,7 +39,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -92,7 +96,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 0e64da1..0582e73 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -54,7 +54,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -122,7 +126,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 411bfd6..4a6c829 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -57,7 +57,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -128,7 +132,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 9d54940..0367a53 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -79,7 +79,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -172,7 +176,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 4bfef81..18caff8 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -66,7 +66,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -150,7 +154,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 72f7b38..ddb59ed 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -51,7 +51,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -116,7 +120,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 411bfd6..4a6c829 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -57,7 +57,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -128,7 +132,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index a22c8ec..4ad4022 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -67,7 +67,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -141,7 +145,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index a7aa374..05354d6 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -39,7 +39,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -94,7 +98,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 671ff58..336c5f6 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -56,7 +56,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off @@ -129,7 +133,11 @@ <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> SecAuditEngine On + <%- end -%> <%- else -%> SecRuleEngine Off SecAuditEngine Off -- cgit v1.2.3