use hardening alias.conf ( Options -Indexes +MultiViews -FollowSymLinks )

TelekomLabs-DCO-1.1-Signed-off-by: Edmund Haselwanter <me@ehaselwanter.com> (github: ehaselwanter)

Author: ehaselwanter

manifests/puppetlabs.pp

@@ -30,6 +30,7 @@
   $apache_version = $apache::apache_version
   $confd_dir = $apache::confd_dir
   $conf_dir = $apache::conf_dir
+  $mod_dir = $apache::mod_dir
 
   file { "${confd_dir}/90.hardening.conf":
     ensure  => file,
@@ -50,4 +51,10 @@
     path   => ['/bin','/usr/bin', '/usr/sbin'],
     unless => "find ${conf_dir} -perm -o+r -type f -o -perm -o+w -type f | wc -l | egrep '^0$'"
   }
+
+  File['alias.conf'] {
+    content => template('apache_hardening/mod/alias.conf.erb'),
+    mode   => '0640',
+  }
+
 }

templates/mod/alias.conf.erb

@@ -0,0 +1,13 @@
+<IfModule alias_module>
+Alias /icons/ "<%= @icons_path %>/"
+<Directory "<%= @icons_path %>">
+    Options -Indexes +MultiViews -FollowSymLinks
+    AllowOverride None
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require all granted
+<%- else -%>
+     Order allow,deny
+     Allow from all
+<%- end -%>
+</Directory>
+</IfModule>