forked from evolix/ansible-roles
standard Evolix name is /etc/apache2/ipaddr_whitelist.conf cf https://wiki.evolix.org/HowtoApache
This commit is contained in:
parent
463ae97508
commit
e5e44d5bc1
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
|
||||
- name: Init private_ipaddr_whitelist.conf file
|
||||
- name: Init ipaddr_whitelist.conf file
|
||||
copy:
|
||||
src: private_ipaddr_whitelist.conf
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0640"
|
||||
|
@ -13,7 +13,7 @@
|
|||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_ipaddr_whitelist_present }}"
|
||||
|
@ -23,7 +23,7 @@
|
|||
|
||||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
|
||||
|
@ -34,7 +34,7 @@
|
|||
- name: include private IP whitelist for server-status
|
||||
lineinfile:
|
||||
dest: /etc/apache2/mods-available/status.conf
|
||||
line: " include /etc/apache2/private_ipaddr_whitelist.conf"
|
||||
line: " include /etc/apache2/ipaddr_whitelist.conf"
|
||||
insertafter: 'SetHandler server-status'
|
||||
state: present
|
||||
tags:
|
||||
|
|
|
@ -5,24 +5,24 @@
|
|||
DocumentRoot /var/www/
|
||||
|
||||
<Directory />
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
<Directory /var/www/>
|
||||
Options -Indexes
|
||||
Require all denied
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
# Munin. We need to set Directory directive as Alias take precedence.
|
||||
Alias /munin /var/cache/munin/www
|
||||
<Directory /var/cache/munin/>
|
||||
Require all denied
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
<Directory /usr/lib/munin/cgi/>
|
||||
Options -Indexes
|
||||
Require all denied
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
|
||||
|
@ -30,7 +30,7 @@
|
|||
<Directory /usr/lib/cgi-bin>
|
||||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
||||
Require all denied
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
CustomLog /var/log/apache2/access.log vhost_combined
|
||||
|
@ -53,7 +53,7 @@
|
|||
<IfModule mod_status.c>
|
||||
<Location /server-status>
|
||||
SetHandler server-status
|
||||
include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
include /etc/apache2/ipaddr_whitelist.conf
|
||||
Require local
|
||||
</Location>
|
||||
</IfModule>
|
||||
|
@ -68,12 +68,12 @@
|
|||
DocumentRoot /var/www/
|
||||
|
||||
<Directory />
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
<Directory /var/www/>
|
||||
Options -Indexes
|
||||
Require all denied
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
SSLEngine on
|
||||
|
@ -83,19 +83,19 @@
|
|||
# We override these 2 Directory directives setted in apache2.conf.
|
||||
# We want no access except from allowed IP address.
|
||||
<Directory />
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
# Munin. We need to set Directory directive as Alias take precedence.
|
||||
Alias /munin /var/cache/munin/www
|
||||
<Directory /var/cache/munin/>
|
||||
Require all denied
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
<Directory /usr/lib/munin/cgi/>
|
||||
Options -Indexes
|
||||
Require all denied
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
|
||||
|
@ -103,7 +103,7 @@
|
|||
<Directory /usr/lib/cgi-bin>
|
||||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
||||
Require all denied
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
CustomLog /var/log/apache2/access.log vhost_combined
|
||||
|
@ -113,7 +113,7 @@
|
|||
<IfModule mod_status.c>
|
||||
<Location /server-status>
|
||||
SetHandler server-status
|
||||
include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
include /etc/apache2/ipaddr_whitelist.conf
|
||||
Require local
|
||||
</Location>
|
||||
</IfModule>
|
||||
|
|
Loading…
Reference in a new issue