Allow configuring SecResponseBodyAccess

manifests/mod/security.pp

@@ -91,6 +91,9 @@
 # @param secrequestbodyaccess
 #   Toggle SecRequestBodyAccess On or Off
 # 
+# @param secresponsebodyaccess
+#   Toggle SecResponseBodyAccess On or Off
+# 
 # @param manage_security_crs
 #   Toggles whether to manage ModSecurity Core Rule Set 
 #
@@ -127,6 +130,7 @@
   Integer $secrequestbodynofileslimit                   = 131072,
   Integer $secrequestbodyinmemorylimit                  = 131072,
   Enum['On', 'Off'] $secrequestbodyaccess               = 'On',
+  Enum['On', 'Off'] $secresponsebodyaccess              = 'Off',
   Boolean $manage_security_crs                          = true,
 ) inherits apache::params {
   include apache

templates/mod/security.conf.erb

@@ -40,7 +40,7 @@
     SecRule TX:/^MSC_/ "!@streq 0" \
       "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
 
-    SecResponseBodyAccess Off
+    SecResponseBodyAccess <%= @secresponsebodyaccess %>
     SecResponseBodyMimeType text/plain text/html text/xml
     SecResponseBodyLimit 524288
     SecResponseBodyLimitAction ProcessPartial