From c11c6224daccc4718c8bf3061eb164dd1e7e399a Mon Sep 17 00:00:00 2001
From: Roman Mueller <roman.mueller@gmail.com>
Date: Sun, 18 Jan 2015 14:55:49 +0100
Subject: [PATCH] MODULES-1622: Allow multiple Deny directives in a directory

---
 README.md                        |  2 +-
 spec/defines/vhost_spec.rb       | 19 ++++++++++++++-----
 templates/vhost/_directories.erb |  8 +++++++-
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 484bb3eb7..b821c6513 100644
--- a/README.md
+++ b/README.md
@@ -1697,7 +1697,7 @@ Pass a string of custom configuration directives to be placed at the end of the
 
 ######`deny`
 
-Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower.
+Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
 
 ```puppet
     apache::vhost { 'sample.example.net':
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
index 66b186250..1d442ae3d 100644
--- a/spec/defines/vhost_spec.rb
+++ b/spec/defines/vhost_spec.rb
@@ -147,11 +147,20 @@
           'access_log_format'           => '%h %l %u %t \"%r\" %>s %b',
           'access_log_env_var'          => '',
           'aliases'                     => '/image',
-          'directories'                 => {
-            'path'     => '/var/www/files',
-            'provider' => 'files',
-            'deny'     => 'from all'
-          },
+          'directories'                 => [
+            {
+              'path'     => '/var/www/files',
+              'provider' => 'files',
+              'allow'    => [ 'from 127.0.0.1', 'from 127.0.0.2', ],
+              'deny'     => [ 'from 127.0.0.3', 'from 127.0.0.4', ],
+            },
+            {
+              'path'     => '/var/www/foo',
+              'provider' => 'files',
+              'allow'    => 'from 127.0.0.1',
+              'deny'     => 'from all',
+            },
+          ],
           'error_log'                   => false,
           'error_log_file'              => 'httpd_error_log',
           'error_log_pipe'              => '',
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
index 703afaa8d..41916f3fe 100644
--- a/templates/vhost/_directories.erb
+++ b/templates/vhost/_directories.erb
@@ -55,8 +55,14 @@
       <%- else -%>
     Order allow,deny
       <%- end -%>
-      <%- if directory['deny'] and directory['deny'] != '' -%>
+      <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%>
+        <%- if directory['deny'].kind_of?(Array) -%>
+          <%- Array(directory['deny']).each do |restrict| -%>
+    Deny <%=  restrict %>
+          <%- end -%>
+        <%- else -%>
     Deny <%= directory['deny'] %>
+        <%- end -%>
       <%- end -%>
       <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%>
         <%- if directory['allow'].kind_of?(Array) -%>