From f614f355a6321285406fe7cb23a664e302e1d79c Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Thu, 17 Mar 2011 13:14:22 +0100
Subject: add mod_security stuff to the new default template

---
 templates/vhosts/default.erb | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'templates')

diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb
index 69af8f0..41879c8 100644
--- a/templates/vhosts/default.erb
+++ b/templates/vhosts/default.erb
@@ -22,6 +22,26 @@ vhost_parts.each do |vhost_part|
   <% else -%>
 <%= scope.function_template(template_partial) %>
   <% end -%>
+  <IfModule mod_security2.c>
+    <%- if mod_security.to_s == 'true' then -%>
+    SecRuleEngine On
+    <%- if mod_security_relevantonly.to_s == 'true' then -%>
+    SecAuditEngine RelevantOnly
+    <%- else -%>
+    SecAuditEngine On
+    <%- end -%>
+    <%- else -%>
+    SecRuleEngine Off
+    SecAuditEngine Off
+    <%- end -%>
+    SecAuditLogType Concurrent
+    SecAuditLogStorageDir <%= logdir %>/
+    SecAuditLog <%= logdir %>/mod_security_audit.log
+    SecDebugLog <%= logdir %>/mod_security_debug.log
+  </IfModule>
 
+  <%- unless additional_options.to_s == 'absent' then -%>
+  <%= additional_options %>
+  <%- end -%>
 </VirtualHost>
-<% end -%>
+<% end -%>
\ No newline at end of file
-- 
cgit v1.2.3