apache-formula/apache/mod_security/rules.sls

{%- set apache = pillar.get('apache', {}) %}
{%- set mod_security = apache.get('mod_security', {}) %}
{%- if mod_security.get('manage_config', False) %}

include:
  - apache.mod_security

{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %}
  {% set rule_set = rule_details.get('rule_set', '') %}
  {% set enabled = rule_details.get('enabled', False ) %}
  {%- if enabled %}
/etc/modsecurity/{{ rule_name }}:
  file.symlink:
    - target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }}
    - user: root
    - group: root
    - mode: 755
  {%- else %}
/etc/modsecurity/{{ rule_name }}:
  file.absent:
    - name: /etc/modsecurity/{{ rule_name }}
  {%- endif %}

{%- endfor %}

{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %}
  {% set file = custom_rule_details.get('file', None) %}
  {% set path = custom_rule_details.get('path', None) %}
  {% set enabled = custom_rule_details.get('enabled', False ) %}

  {%- if enabled %}
/etc/modsecurity/{{ file }}:
  file.managed:
    - source: {{ path }}
    - user: root
    - group: root
    - mode: 755
  {%- else %}
/etc/modsecurity/{{ file }}:
  file.absent:
    - name: /etc/modsecurity/{{ file }}
  {%- endif %}
{%- endfor %}

{% endif %}