From 9f2727f55f1246baedd0580dbf42bbf27f08c6ae Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Fri, 2 Nov 2018 17:31:22 -0400
Subject: [PATCH] Removes modsecurity audit log and rules 910* and 901*

---
 packweb-apache/files/evolinux-modsec.conf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/packweb-apache/files/evolinux-modsec.conf b/packweb-apache/files/evolinux-modsec.conf
index d78c0d9f..d78a715d 100644
--- a/packweb-apache/files/evolinux-modsec.conf
+++ b/packweb-apache/files/evolinux-modsec.conf
@@ -18,7 +18,7 @@ SecUploadKeepFiles Off
 # default action
 SecDefaultAction "log,auditlog,deny,status:406,phase:2"
 
-SecAuditEngine RelevantOnly
+SecAuditEngine Off
 #SecAuditLogRelevantStatus "^[45]"
 # use only one log file
 SecAuditLogType Serial
@@ -45,4 +45,13 @@ SecRule REQUEST_FILENAME "modsecuritytest1" "id:1"
 SecRule REQUEST_URI "modsecuritytest2" "id:2"
 SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3"
 
+Include /usr/share/modsecurity-crs/owasp-crs.load
+
+# Removed because it does not play well with apache-itk
+SecRuleRemoveById "901000-901999"
+
+# Removed because IP reputation based blocking is hard to predict
+# and reason about
+SecRuleRemoveById "910000-910999"
+
 </IfModule>