From 81f60a7b0d69fe95f31b37b2592722cf38706888 Mon Sep 17 00:00:00 2001 From: Olivier Navas Date: Sun, 12 Jun 2022 23:11:33 +0200 Subject: [PATCH] =?UTF-8?q?Ajout=20de=20param=C3=A8tres=20reverse=20proxy:?= =?UTF-8?q?=20possibilit=C3=A9=20de=20configurer=20le=20CSP=20et=20ajout?= =?UTF-8?q?=20d'une=20exception=20modsecurity?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- templates/1_vhost_additional.conf | 4 ++++ templates/2_mds_exclusion.conf | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 250ac2d..f58c5cd 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ docker_grav_rp_waf: "On" | docker_grav_rp_access_policy | | Modèle d'autorisation d'accès du reverse proxy | | docker_grav_rp_indexing | | Stratégie du reverse proxy vis à vis des robots | | docker_grav_rp_waf | | Activation websecurity du reverse proxy | -| | | | +| docker_grav_rp_custom_csp | non défini | Si précisé, définit un CSP header avec la valeur indiquée | diff --git a/templates/1_vhost_additional.conf b/templates/1_vhost_additional.conf index 6e28790..8d3f81d 100644 --- a/templates/1_vhost_additional.conf +++ b/templates/1_vhost_additional.conf @@ -3,6 +3,10 @@ ProxyErrorOverride off RequestHeader unset Authorization +{% if docker_grav_rp_custom_csp is defined %} +Header set Content-Security-Policy "{{ docker_grav_rp_custom_csp }}" +{% endif %} + Use LDAPUserAccessPolicy Require ldap-user {{ docker_grav_ldap_admin_users | join(' ') }} diff --git a/templates/2_mds_exclusion.conf b/templates/2_mds_exclusion.conf index 5fe2b7d..fb481a9 100644 --- a/templates/2_mds_exclusion.conf +++ b/templates/2_mds_exclusion.conf @@ -1,6 +1,7 @@ # {{ ansible_managed }} SecRuleRemoveById 933210 + SecRuleRemoveById 942100 SecRuleRemoveById 949110