try again, with puppetforge modules, correctly included now
diff --git a/3rdparty/modules/apache/templates/vhost/_security.erb b/3rdparty/modules/apache/templates/vhost/_security.erb
new file mode 100644 (file)
index 0000000..5ab0a5b
--- /dev/null
@@ -0,0 +1,20 @@
+<% if @modsec_disable_vhost -%>
+  SecRuleEngine Off
+<% end -%>
+<% if @_modsec_disable_ids.is_a?(Hash) -%>
+<%   @_modsec_disable_ids.each do |location,rules| -%>
+  <LocationMatch <%= location %>>
+<%     Array(rules).each do |rule| -%>
+    SecRuleRemoveById <%= rule %>
+<%     end -%>
+  </LocationMatch>
+<%   end -%>
+<% end -%>
+<% ips = Array(@modsec_disable_ips).join(',') %>
+<% if ips != '' %>
+  SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455"
+  SecAction  "phase:2,pass,nolog,id:1234123456"
+<% end -%>
+<% if @modsec_body_limit -%>
+  SecRequestBodyLimit <%= @modsec_body_limit %>
+<% end -%>
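Review bot: The `SecRule REMOTE_ADDR "<%= ips %>"` line names no operator, so ModSecurity evaluates the comma-joined list as an `@rx` regular expression rather than as a list of addresses. With two or more entries the pattern contains a literal comma and can never match a client address, so the exemption silently does nothing. With a single entry it is an unanchored pattern whose dots match any character, so the `allow` covers more addresses than the one configured. Use the address-list operator instead: `SecRule REMOTE_ADDR "@ipMatch <%= ips %>" "nolog,allow,id:1234123455"`. Separately, `<LocationMatch <%= location %>>` emits the hash key unquoted, so a pattern containing whitespace would break the directive; `<LocationMatch "<%= location %>">` is safer.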