2017-03-21 17:35:42 +01:00
|
|
|
<IfModule mod_security2.c>
|
|
|
|
|
|
|
|
# enable mod_security
|
|
|
|
SecRuleEngine On
|
|
|
|
# access to request bodies
|
|
|
|
SecRequestBodyAccess On
|
|
|
|
#SecRequestBodyLimit 134217728
|
|
|
|
#SecRequestBodyInMemoryLimit 131072
|
|
|
|
# access to response bodies
|
|
|
|
SecResponseBodyAccess Off
|
|
|
|
#SecResponseBodyLimit 524288
|
|
|
|
SecResponseBodyMimeType (null) text/html text/plain text/xml
|
|
|
|
#SecServerSignature "Apache/2.2.0 (Fedora)"
|
|
|
|
|
|
|
|
SecUploadDir /tmp
|
|
|
|
SecUploadKeepFiles Off
|
|
|
|
|
|
|
|
# default action
|
|
|
|
SecDefaultAction "log,auditlog,deny,status:406,phase:2"
|
|
|
|
|
2018-11-02 22:31:22 +01:00
|
|
|
SecAuditEngine Off
|
2017-03-21 17:35:42 +01:00
|
|
|
#SecAuditLogRelevantStatus "^[45]"
|
|
|
|
# use only one log file
|
|
|
|
SecAuditLogType Serial
|
|
|
|
# audit log file
|
|
|
|
SecAuditLog /var/log/apache2/modsec_audit.log
|
|
|
|
# what is logged
|
|
|
|
SecAuditLogParts "ABIFHZ"
|
|
|
|
|
|
|
|
#SecArgumentSeparator "&"
|
|
|
|
SecCookieFormat 0
|
|
|
|
SecDebugLog /var/log/apache2/modsec_debug.log
|
|
|
|
SecDebugLogLevel 0
|
|
|
|
|
|
|
|
SecDataDir /tmp
|
|
|
|
SecTmpDir /tmp
|
|
|
|
|
|
|
|
#########
|
|
|
|
# RULES
|
|
|
|
#########
|
|
|
|
|
2018-11-07 17:45:02 +01:00
|
|
|
# Removed because it does not play well with apache-itk
|
|
|
|
# Can be removed when modsecurity 2.9.3 hits debian
|
|
|
|
# See https://github.com/SpiderLabs/ModSecurity/issues/712
|
2018-11-02 22:31:22 +01:00
|
|
|
SecRuleRemoveById "910000-910999"
|
|
|
|
|
2017-03-21 17:35:42 +01:00
|
|
|
</IfModule>
|