# <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> Include conf.d/defaults.inc AddDefaultCharset utf-8 ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> <%- end -%> <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> ServerAdmin <%= server_admin %> <%- end -%> DocumentRoot <%= documentroot %>/ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> <%- unless htpasswd_file.to_s == 'absent' then -%> AuthType Basic AuthName "Access fuer <%= servername %>" AuthUserFile <%= real_htpasswd_path %> require valid-user <%- end -%> php_admin_flag engine on php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> <%- unless real_php_bin_dir.to_s == 'absent' then -%> php_admin_value safe_mode_exec_dir <%= real_php_bin_dir %> <%- end -%> <%- end -%> /typo3/"> RewriteEngine on # Rewrite URLs to https that go for the admin area RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} (.*/typo3/.*) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On SecAuditEngine On <%- else -%> SecRuleEngine Off SecAuditEngine Off <%- end -%> SecAuditLogType Concurrent SecAuditLogStorageDir <%= logdir %>/ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html SecRuleRemoveById "960010" <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> <%- unless ssl_mode.to_s == 'false' then -%> Include conf.d/defaults.inc Include conf.d/ssl_defaults.inc AddDefaultCharset utf-8 ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> <%- end -%> <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> ServerAdmin <%= server_admin %> <%- end -%> DocumentRoot <%= documentroot %>/ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> <%- unless htpasswd_file.to_s == 'absent' then -%> AuthType Basic AuthName "Access fuer <%= servername %>" AuthUserFile <%= real_htpasswd_path %> require valid-user <%- end -%> php_admin_flag engine on php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> <%- unless real_php_bin_dir.to_s == 'absent' then -%> php_admin_value safe_mode_exec_dir <%= real_php_bin_dir %> <%- end -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On SecAuditEngine On <%- else -%> SecRuleEngine Off SecAuditEngine Off <%- end -%> SecAuditLogType Concurrent SecAuditLogStorageDir <%= logdir %>/ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html SecRuleRemoveById "960010" <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%>