templates/vhosts/partials/mod_security.erb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

  <IfModule mod_security2.c>
<% if @mod_security.to_s == 'true' -%>
    SecRuleEngine On
<%   if @mod_security_relevantonly.to_s == 'true' -%>
    SecAuditEngine RelevantOnly
<%   else -%>
    SecAuditEngine On
<%   end -%>
<% else -%>
    SecRuleEngine Off
    SecAuditEngine Off
<% end -%>
    SecAuditLogType Concurrent
    SecAuditLogStorageDir <%= @logdir %>/
    SecAuditLog <%= @logdir %>/mod_security_audit.log
    SecDebugLog <%= @logdir %>/mod_security_debug.log
<% unless (disabled_rules=Array(@mod_security_rules_to_disable)).empty? -%>

<%    disabled_rules.each do |rule| -%>
    SecRuleRemoveById "<%= rule %>"
<%   end -%>
<% end -%>
<% unless (s=@mod_security_additional_options).to_s == 'absent' -%>

    <%= s %>
<% end -%>
  </IfModule>