templates/vhosts/partials/mod_security.erb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

  <IfModule mod_security2.c>
<% if mod_security.to_s == 'true' -%>
    SecRuleEngine On
<%   if mod_security_relevantonly.to_s == 'true' -%>
    SecAuditEngine RelevantOnly
<%   else -%>
    SecAuditEngine On
<%   end -%>
<% else -%>
    SecRuleEngine Off
    SecAuditEngine Off
<% end -%>
    SecAuditLogType Concurrent
    SecAuditLogStorageDir <%= logdir %>/
    SecAuditLog <%= logdir %>/mod_security_audit.log
    SecDebugLog <%= logdir %>/mod_security_debug.log
<% unless mod_security_rules_to_disable.to_a.empty? -%>

<%   mod_security_rules_to_disable.to_a.each do |rule| -%>
    SecRuleRemoveById "<%= rule %>"
<%   end -%>
<% end -%>
<% unless mod_security_additional_options.to_s == 'absent' -%>

    <%= mod_security_additional_options %>
<% end -%>
  </IfModule>