add mod_security apache module

[jlambert121]

MODULES-1561: Add support for the Web Application Firewall mod_security

[igalic]

doesn't mod_security also depend on mod_uuid?

[underscorgan]

@jlambert121 it looks like this will be changing default behavior (enabling mod_sec in apache::vhost by default), unless I'm missing something. If adding the ability to manage this, I'd prefer to keep the default behavior as is.

@igalic thoughts?

[jlambert121]

@mhaskel after I looked at it again it actually didn't change the defaults, but I had to look at it again to understand it wasn't. I think that alone means it needs a rework so it makes more sense.

[jlambert121]

@mhaskel I have renamed one of the parameters in vhost, let me know if that is clearer. If you include apache::mod::security modsecurity is enabled globally. The parameters in the vhost.pp only allow overriding that global enablement/configuration.

[igalic]

sounds good to me.

[underscorgan]

The correct change here would've been changing the class title, not changing the description for the class, since apache::mod::reqtimeout is already documented above (see #960)

[underscorgan]

@jlambert121 ok, so, there was one issue with the README that I commented on, but otherwise 👍

[jlambert121]

@mhaskel thanks for the catch there - I'm not sure what I did to annoy git on the README. I just checked out the previous version of the readme and applied the updates for mod_security again.

[underscorgan]

@jlambert121 we're getting really close! Two more comments: what is the templates/mod/security_crs.conf.erb2 file for? I don't see it referenced anywhere else in your code. Also, can you add a quick section to the README for apache::security::rule_link and make sure include the expected format of the $title. Thanks for all your work on this!

[jlambert121]

The erb2 template was a development leftover - removed.
I added a description of the rule_link define in the "Private Defined Types" section.

[underscorgan]

\o/ thanks @jlambert121!