diff --git a/defaults/main.yml b/defaults/main.yml
index 9600bebaf59634b8e012d9092c97b049858f5f2b..fdf31ee81d6a45a39a94cc9f8593d4d3dd6f1cba 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -23,6 +23,7 @@ php_packages:
 php_base_dir: 'php5'
 php_conf_dir: 'conf.d'
 
+php_imagick_config_dir: '/etc/ImageMagick-6'
 php_allow_call_time_pass_reference: 'on'
 php_browscap: false
 php_date_timezone: 'Europe/Berlin'
diff --git a/tasks/php.yml b/tasks/php.yml
index 38ea28cda6c46a83d7df4b76a8bba217c70568d0..a5c981f2f8c523b9ea6ab1071f56e4ee3cdffcc7 100644
--- a/tasks/php.yml
+++ b/tasks/php.yml
@@ -113,7 +113,7 @@
 
 - name: "PHP | Ensure ImageMagick config directory"
   file:
-    dest=/etc/ImageMagick
+    dest={{ php_imagick_config_dir }}
     state=directory
     owner=root
     group=root
@@ -122,7 +122,7 @@
 - name: "PHP | ImageMagick Policy File"
   template:
     src=etc-imagemagick-policy.xml
-    dest=/etc/ImageMagick/policy.xml
+    dest={{ php_imagick_config_dir }}/policy.xml
     owner=root
     group=root
     mode='644'
diff --git a/templates/etc-imagemagick-policy.xml b/templates/etc-imagemagick-policy.xml
index 19823c14c779758f2bc36e557b2f0eb6c3e10167..a35edf5274c59a80424849545062033f6437c27a 100644
--- a/templates/etc-imagemagick-policy.xml
+++ b/templates/etc-imagemagick-policy.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE policymap [
 <!ELEMENT policymap (policy)+>
 <!ELEMENT policy (#PCDATA)>
-<!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
+<!ATTLIST policy domain (delegate|cache|coder|filter|path|resource) #IMPLIED>
 <!ATTLIST policy name CDATA #IMPLIED>
 <!ATTLIST policy rights CDATA #IMPLIED>
 <!ATTLIST policy pattern CDATA #IMPLIED>
@@ -54,8 +54,10 @@
   <!-- <policy domain="resource" name="file" value="768"/> -->
   <!-- <policy domain="resource" name="thread" value="4"/> -->
   <!-- <policy domain="resource" name="throttle" value="0"/> -->
-  <!-- <policy domain="resource" name="time" value="3600"/> -->
+  <policy domain="resource" name="time" value="30"/>
+  <policy domain="cache" name="shared-secret" value="passphrase"/>
   <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="URL" />
   <policy domain="coder" rights="none" pattern="HTTPS" />
   <policy domain="coder" rights="none" pattern="MVG" />
   <policy domain="coder" rights="none" pattern="MSL" />
@@ -63,4 +65,5 @@
   <policy domain="coder" rights="none" pattern="SHOW" />
   <policy domain="coder" rights="none" pattern="WIN" />
   <policy domain="coder" rights="none" pattern="PLT" />
+  <policy domain="path" rights="none" pattern="@*" />
 </policymap>