Commit bf17dc91 authored by mh's avatar mh
Browse files

remove a rule that breaks multipart boundaries by default

parent da8ba659
# centos specific things
class mod_security::centos inherits mod_security::base {
if versioncmp($::operatingsystemmajrelease,'7') < 0 {
if versioncmp($acts['os']['release']['major'],'7') < 0 {
apache::config::global{'mod_security.conf':
source => [ "puppet:///modules/site_mod_security/normal/${::fqdn}/mod_security.conf",
"puppet:///modules/site_mod_security/normal/${::domain}/mod_security.conf",
......@@ -28,4 +28,14 @@ class mod_security::centos inherits mod_security::base {
mode => '0644';
}
}
# comment out an unwanted rule
# 200003 : broken multipart upload boundaries
if versioncmp($facts['os']['release']['major'],'6') > 0 {
Package<| title == 'mod_security' |> -> exec{'comment_out_rule_id_200003':
command => 'sed -i -e "s/ \(SecRule MULTIPART_UNMATCHED_BOUNDARY\)/ #\1/" -e "s/ \(\"id:\'200003\)/ #\1/" /etc/httpd/conf.d/mod_security.conf',
onlyif => 'grep -qE " (SecRule MULTIPART_UNMATCHED_BOUNDARY|\"id:\'200003)" /etc/httpd/conf.d/mod_security.conf',
notify => Service['apache'],
}
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment