v7.2.2.0: Update WAF nginx module path in Ansible scripts

Path of the WAF nginx module in Ansible scripts has been updated from NGINX_PATH to SERVICE_PATH. This refactoring enhances the organization of the configuration files and improves code base understanding. Changes have been applied in the WAF configuration and service execution files.

app/scripts/ansible/roles/waf/templates/waf.service.j2

@@ -3,7 +3,7 @@ Description=HAProxy WAF
 After=syslog.target network.target
 
 [Service]
-ExecStart={{HAPROXY_PATH}}/waf/bin/modsecurity -n 4 -f {{HAPROXY_PATH}}/waf/modsecurity.conf
+ExecStart={{SERVICE_PATH}}/waf/bin/modsecurity -n 4 -f {{SERVICE_PATH}}/waf/modsecurity.conf
 ExecReload=/bin/kill -USR2 $MAINPID
 KillMode=mixed
 

app/scripts/ansible/roles/waf_nginx/templates/waf.conf.j2

@@ -1,31 +1,31 @@
-Include {{ NGINX_PATH }}/waf/modsecurity.conf
-Include {{ NGINX_PATH }}/waf/rulescrs-setup.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-901-INITIALIZATION.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-910-IP-REPUTATION.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-912-DOS-PROTECTION.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-913-SCANNER-DETECTION.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-921-PROTOCOL-ATTACK.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf
-Include {{ NGINX_PATH }}/waf/rules/REQUEST-949-BLOCKING-EVALUATION.conf
-Include {{ NGINX_PATH }}/waf/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
-Include {{ NGINX_PATH }}/waf/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
-Include {{ NGINX_PATH }}/waf/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
-Include {{ NGINX_PATH }}/waf/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
-Include {{ NGINX_PATH }}/waf/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
-Include {{ NGINX_PATH }}/waf/rules/RESPONSE-980-CORRELATION.conf
+Include {{ SERVICE_PATH }}/waf/modsecurity.conf
+Include {{ SERVICE_PATH }}/waf/rulescrs-setup.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-901-INITIALIZATION.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-910-IP-REPUTATION.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-912-DOS-PROTECTION.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-913-SCANNER-DETECTION.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-921-PROTOCOL-ATTACK.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf
+Include {{ SERVICE_PATH }}/waf/rules/REQUEST-949-BLOCKING-EVALUATION.conf
+Include {{ SERVICE_PATH }}/waf/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
+Include {{ SERVICE_PATH }}/waf/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
+Include {{ SERVICE_PATH }}/waf/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
+Include {{ SERVICE_PATH }}/waf/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
+Include {{ SERVICE_PATH }}/waf/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
+Include {{ SERVICE_PATH }}/waf/rules/RESPONSE-980-CORRELATION.conf

app/templates/install.html

@@ -39,8 +39,8 @@
 				</td>
 				<td class="padding10 first-collumn" style="width: 20%;">
 					{% set values = dict() %}
-					{% set values = {'2.4.23-1':'2.4.23-1','2.5.14-1':'2.5.14-1', '2.6.14-1':'2.6.14-1','2.7.9-1':'2.7.9-1','2.8.1-1':'2.8.1-1','2.9.5-1':'2.9.5-1'} %}
-					{{ select('hapver',  values=values, selected='2.9.5-1', required='required') }}
+					{% set values = {'2.4.23-1':'2.4.23-1','2.5.14-1':'2.5.14-1', '2.6.14-1':'2.6.14-1','2.7.9-1':'2.7.9-1','2.8.1-1':'2.8.1-1','2.9.6-1':'2.9.6-1'} %}
+					{{ select('hapver',  values=values, selected='2.9.6-1', required='required') }}
 				</td>
 				<td class="padding10 first-collumn">
 					<select autofocus required name="haproxyaddserv" id="haproxyaddserv">