AllowEncodedSlashes can have a server default set with the apache cla…

…ss, and overridden with an apache::vhost declaration

README.md

@@ -226,6 +226,10 @@ You may establish a default vhost in this class, the `vhost` class, or both. You
 
 **Parameters within `apache`:**
 
+#####`allow_encoded_slashes`
+
+This sets the server default for the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) which modifies the responses to URLs with `\` and `/` characters. The default is undefined, which will omit the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`.
+
 #####`apache_version`
 
 Configures the behavior of the module templates, package names, and default mods by setting the Apache version. Default is determined by the class `apache::version` using the OS family and release. It should not be configured manually without special reason.
@@ -902,6 +906,10 @@ For `alias` and `aliasmatch` to work, each will need a corresponding context, su
 
 *Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias may have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
 
+#####`allow_encoded_slashes`
+
+This sets the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) for the vhost, overriding the server default. This modifies the vhost responses to URLs with `\` and `/` characters. The default is undefined, which will omit the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`.
+
 #####`block`
 
 Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories.

manifests/init.pp

@@ -63,6 +63,7 @@
   $server_tokens          = 'OS',
   $server_signature       = 'On',
   $trace_enable           = 'On',
+  $allow_encoded_slashes  = undef,
   $package_ensure         = 'installed',
 ) inherits ::apache::params {
   validate_bool($default_vhost)
@@ -80,6 +81,10 @@
     validate_re($mpm_module, $valid_mpms_re)
   }
 
+  if $allow_encoded_slashes {
+    validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
+  }
+
   # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.
   # NOTE: the same strategy may be introduced for other OSes. For this, you
   # should delete the 'if' block below and modify all MPM modules' manifests

manifests/vhost.pp

@@ -96,6 +96,7 @@
   $fastcgi_dir                 = undef,
   $additional_includes         = [],
   $apache_version              = $::apache::apache_version,
+  $allow_encoded_slashes       = undef,
   $suexec_user_group           = undef,
 ) {
   # The base class must be included first because it is used by parameter defaults
@@ -122,6 +123,8 @@
     validate_hash($rewrites[0])
   }
 
+  # Input validation begins
+
   if $suexec_user_group {
     validate_re($suexec_user_group, '^\w+ \w+$',
     "${suexec_user_group} is not supported for suexec_user_group.  Must be 'user group'.")
@@ -182,6 +185,12 @@
     validate_string($custom_fragment)
   }
 
+  if $allow_encoded_slashes {
+    validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
+  }
+
+  # Input validation ends
+
   if $ssl and $ensure == 'present' {
     include ::apache::mod::ssl
     # Required for the AddType lines.

spec/classes/apache_spec.rb

@@ -94,6 +94,14 @@
       it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} }
     end
 
+    context "when specifying slash encoding behaviour" do
+      let :params do
+        { :allow_encoded_slashes => 'nodecode' }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
+    end
+
     # Assert that both load files and conf files are placed and symlinked for these mods
     [
       'alias',
@@ -305,6 +313,14 @@
         it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} }
       end
 
+      context "when specifying slash encoding behaviour" do
+        let :params do
+          { :allow_encoded_slashes => 'nodecode' }
+        end
+
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
+      end
+
       it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} }
       it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} }
       it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} }

spec/defines/vhost_spec.rb

@@ -231,6 +231,7 @@
           'additional_includes'         => '/custom/path/includes',
           'apache_version'              => '2.4',
           'suexec_user_group'           => 'root root',
+          'allow_encoded_slashes'       => 'nodecode'
         }
       end
       let :facts do

templates/httpd.conf.erb

@@ -35,6 +35,9 @@ HostnameLookups Off
 ErrorLog "<%= @logroot %>/<%= @error_log %>"
 LogLevel <%= @log_level %>
 EnableSendfile <%= @sendfile %>
+<%- if @allow_encoded_slashes -%>
+AllowEncodedSlashes <%= @allow_encoded_slashes %>
+<%- end -%>
 
 #Listen 80
 

templates/vhost.conf.erb

@@ -22,6 +22,9 @@
 <% if @fallbackresource -%>
   FallbackResource <%= @fallbackresource %>
 <% end -%>
+<%- if @allow_encoded_slashes -%>
+  AllowEncodedSlashes <%= @allow_encoded_slashes %>
+<%- end -%>
 
   ## Directories, there should at least be a declaration for <%= @docroot %>
 <%= scope.function_template(['apache/vhost/_directories.erb']) -%>