Allow configuring SecResponseBodyAccess

Author: Vincevrp

manifests/mod/security.pp

@@ -98,6 +98,9 @@
 # @param secrequestbodyaccess
 #   Toggle SecRequestBodyAccess On or Off
 # 
+# @param secresponsebodyaccess
+#   Toggle SecResponseBodyAccess On or Off
+# 
 # @param manage_security_crs
 #   Toggles whether to manage ModSecurity Core Rule Set 
 #
@@ -136,6 +139,7 @@
   Integer[1,4] $paranoia_level                          = 1,
   Integer[1,4] $executing_paranoia_level                = $paranoia_level,
   Enum['On', 'Off'] $secrequestbodyaccess               = 'On',
+  Enum['On', 'Off'] $secresponsebodyaccess              = 'Off',
   Boolean $manage_security_crs                          = true,
 ) inherits apache::params {
   include apache
@@ -202,6 +206,7 @@
   # - secrequestbodynofileslimit
   # - secrequestbodyinmemorylimit
   # - secrequestbodyaccess
+  # - secresponsebodyaccess
   file { 'security.conf':
     ensure  => file,
     content => template('apache/mod/security.conf.erb'),

templates/mod/security.conf.erb

@@ -40,7 +40,7 @@
     SecRule TX:/^MSC_/ "!@streq 0" \
       "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
 
-    SecResponseBodyAccess Off
+    SecResponseBodyAccess <%= @secresponsebodyaccess %>
     SecResponseBodyMimeType text/plain text/html text/xml
     SecResponseBodyLimit 524288
     SecResponseBodyLimitAction ProcessPartial