evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity

Removes modsecurity audit log and rules 910* and 901*

Browse source
This commit is contained in:
Patrick Marchand 2018-11-02 17:31:22 -04:00
parent cfb87a7b65
commit 9f2727f55f
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
packweb-apache/files/evolinux-modsec.conf
View file

@ -18,7 +18,7 @@ SecUploadKeepFiles Off
# default action # default action
SecDefaultAction "log,auditlog,deny,status:406,phase:2" SecDefaultAction "log,auditlog,deny,status:406,phase:2"
SecAuditEngine RelevantOnly SecAuditEngine Off
#SecAuditLogRelevantStatus "^[45]" #SecAuditLogRelevantStatus "^[45]"
# use only one log file # use only one log file
SecAuditLogType Serial SecAuditLogType Serial
@ -45,4 +45,13 @@ SecRule REQUEST_FILENAME "modsecuritytest1" "id:1"
SecRule REQUEST_URI "modsecuritytest2" "id:2" SecRule REQUEST_URI "modsecuritytest2" "id:2"
SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3" SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3"
Include /usr/share/modsecurity-crs/owasp-crs.load
# Removed because it does not play well with apache-itk
SecRuleRemoveById "901000-901999"
# Removed because IP reputation based blocking is hard to predict
# and reason about
SecRuleRemoveById "910000-910999"
</IfModule> </IfModule>