puppetlabs-apache icon indicating copy to clipboard operation
puppetlabs-apache copied to clipboard
verified publisher icon puppetlabs

bugfix: fix the vhost security configuration

Open JGodin-C2C opened this issue 1 year ago • 4 comments

The modified variable was never passed to the template, resulting in a bad configuration of the vhost security if secrule were removed.

JGodin-C2C avatar Feb 27 '24 14:02 JGodin-C2C

Can we launch the re-failed tests ? seems a problem on the CI side ?

JGodin-C2C avatar Feb 28 '24 12:02 JGodin-C2C

Seems to also cause a problem if the modsecure_disable_ids parameter is an Array, as the Hash Array built never gets passed to the "epp" processing

stevegreengvl avatar Apr 15 '24 08:04 stevegreengvl

@stevegreengvl I dont get it , The _modsec_disable_ids seems to be passed to the Hash "security_params" and then injected into the epp. Is there anything i missed ?

JGodin-C2C avatar Apr 15 '24 08:04 JGodin-C2C

@JGodin-C2C we have this in our PUppet code apache::vhost { 'XXX': ... modsec_disable_ids => [ array of IDs ], ...

Up to Version 11.1.0 of the Module all was fine in the generated vhost Config file, from Version 12.0 the Block below is missing from the generated file

<LocationMatch .*> SecRuleRemoveById XXXXXX SecRuleRemoveById YYYYYY </LocationMatch>

But I think this fix will resolve the issue

stevegreengvl avatar Apr 15 '24 08:04 stevegreengvl