+apache_module "evasive" do
+ conf "evasive.conf.erb"
+ only_if { node[:apache][:evasive] }
+end
+
+apache_module "brotli" do
+ conf "brotli.conf.erb"
+end
+
+apache_module "deflate" do
+ conf "deflate.conf.erb"
+end
+
+apache_module "headers"
+apache_module "ssl"
+
+apache_conf "ssl" do
+ template "ssl.erb"
+end
+
+fail2ban_filter "apache-forbidden" do
+ failregex '^<ADDR> .* "[^"]*" 403 .*$'
+end
+
+fail2ban_jail "apache-forbidden" do
+ filter "apache-forbidden"
+ logpath "/var/log/apache2/access.log"
+ ports [80, 443]
+ maxretry 50