Skip to content

Commit

Permalink
(MODULES-2616) Optionally set LimitRequestFieldSize on an apache::vhost
Browse files Browse the repository at this point in the history
Support setting of LimitRequestFieldSize on a vhost.

```puppet
apache::vhost{'foo':
  limit_request_field_size => 1234
}
```

by default value is unset.

http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize
https://tickets.puppetlabs.com/browse/MODULES-2616
  • Loading branch information
traylenator committed Sep 23, 2015
1 parent 9fd8ac4 commit 10d632b
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2009,6 +2009,10 @@ Location of the Kerberos V5 keytab file. Not set by default.

Strips @REALM from username for further use. Not set by default.

##### `limit_request_field_size`

[Limits](http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize) the size of the HTTP request header allowed from the client. Default is 'undef'.

##### `logroot`

Specifies the location of the virtual host's logfiles. Defaults to '/var/log/<apache log location>/'.
Expand Down
14 changes: 14 additions & 0 deletions manifests/vhost.pp
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@
$krb_auth_realms = [],
$krb_5keytab = undef,
$krb_local_user_mapping = undef,
$limit_request_field_size = undef,
) {
# The base class must be included first because it is used by parameter defaults
if ! defined(Class['apache']) {
Expand Down Expand Up @@ -222,6 +223,10 @@
}

validate_bool($auth_kerb)

if $limit_request_field_size {
validate_integer($limit_request_field_size)
}
# Input validation ends

if $ssl and $ensure == 'present' {
Expand Down Expand Up @@ -946,6 +951,15 @@
content => template('apache/vhost/_filters.erb'),
}
}
# Template uses:
# - $limit_request_field_size
if $limit_request_field_size {
concat::fragment { "${name}-limits":
target => "${priority_real}${filename}.conf",
order => 330,
content => template('apache/vhost/_limits.erb'),
}
}

# Template uses no variables
concat::fragment { "${name}-file_footer":
Expand Down
4 changes: 4 additions & 0 deletions spec/defines/vhost_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,7 @@
'krb_auth_realms' => ['EXAMPLE.ORG','EXAMPLE.NET'],
'krb_5keytab' => '/tmp/keytab5',
'krb_local_user_mapping' => 'off',
'limit_request_field_size' => '54321',
}
end
let :facts do
Expand Down Expand Up @@ -450,6 +451,8 @@
:content => /^\s+Krb5Keytab\s\/tmp\/keytab5$/)}
it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
:content => /^\s+KrbLocalUserMapping\soff$/)}
it { is_expected.to contain_concat__fragment('rspec.example.com-limits').with(
:content => /^\s+LimitRequestFieldSize\s54321$/)}
end
context 'set only aliases' do
let :params do
Expand Down Expand Up @@ -601,6 +604,7 @@
it { is_expected.to_not contain_concat__fragment('rspec.example.com-fastcgi') }
it { is_expected.to_not contain_concat__fragment('rspec.example.com-suexec') }
it { is_expected.to_not contain_concat__fragment('rspec.example.com-charsets') }
it { is_expected.to_not contain_concat__fragment('rspec.example.com-limits') }
it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') }
end
end
Expand Down
5 changes: 5 additions & 0 deletions templates/vhost/_limits.erb
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@

## Limit Request Values
<% if @limit_request_field_size -%>
LimitRequestFieldSize <%= @limit_request_field_size %>
<% end -%>

0 comments on commit 10d632b

Please sign in to comment.