Allow configuring SecRequestBodyAccess

Vincevrp · Vincevrp · commit a4340dbaf66e · 2022-08-03T23:50:19.000+02:00
diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp
@@ -95,6 +95,9 @@
 # @param secrequestbodyinmemorylimit
 #   Configures the maximum request body size that ModSecurity will store in memory.
 # 
+# @param secrequestbodyaccess
+#   Toggle SecRequestBodyAccess On or Off
+# 
 # @param manage_security_crs
 #   Toggles whether to manage ModSecurity Core Rule Set 
 #
@@ -132,6 +135,7 @@
   Integer $secrequestbodyinmemorylimit                  = 131072,
   Integer[1,4] $paranoia_level                          = 1,
   Integer[1,4] $executing_paranoia_level                = $paranoia_level,
+  Enum['On', 'Off'] $secrequestbodyaccess               = 'On',
   Boolean $manage_security_crs                          = true,
 ) inherits apache::params {
   include apache
@@ -197,6 +201,7 @@
   # - secrequestbodylimit
   # - secrequestbodynofileslimit
   # - secrequestbodyinmemorylimit
+  # - secrequestbodyaccess
   file { 'security.conf':
     ensure  => file,
     content => template('apache/mod/security.conf.erb'),
diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb
@@ -1,7 +1,7 @@
 <IfModule mod_security2.c>
     # Default recommended configuration
     SecRuleEngine <%= @modsec_secruleengine %>
-    SecRequestBodyAccess On
+    SecRequestBodyAccess <%= @secrequestbodyaccess %>
   <%- if @custom_rules -%>
     Include <%= @modsec_dir %>/custom_rules/*.conf
   <%- end -%>
