We misunsderstood how modsecurity used the init rules

They do not modify files and are necessary for the core rules to function.
Removes modsecurity audit log and rules 910* and 901*
2018-11-07 17:45:02 +01:00 · 2018-11-02 17:31:22 -04:00
1 changed files with 8 additions and 6 deletions
--- a/packweb-apache/files/evolinux-modsec.conf
+++ b/packweb-apache/files/evolinux-modsec.conf
@ -18,7 +18,7 @@ SecUploadKeepFiles Off
 # default action
 SecDefaultAction "log,auditlog,deny,status:406,phase:2"

-SecAuditEngine RelevantOnly
+SecAuditEngine Off
 #SecAuditLogRelevantStatus "^[45]"
 # use only one log file
 SecAuditLogType Serial
@ -39,10 +39,12 @@ SecTmpDir /tmp
 # RULES
 #########

-# File name
-SecRule REQUEST_FILENAME "modsecuritytest1" "id:1"
-# Complete URI
-SecRule REQUEST_URI "modsecuritytest2" "id:2"
-SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3"
+Include /usr/share/modsecurity-crs/owasp-crs.load
+
+
+# Removed because it does not play well with apache-itk
+# Can be removed when modsecurity 2.9.3 hits debian
+# See https://github.com/SpiderLabs/ModSecurity/issues/712
+SecRuleRemoveById "910000-910999"

 </IfModule>
Author	SHA1	Message	Date
Patrick Marchand	0e98f24f42	We misunsderstood how modsecurity used the init rules They do not modify files and are necessary for the core rules to function.	2018-11-07 17:45:02 +01:00
Patrick Marchand	49aff3892c	Removes modsecurity audit log and rules 910* and 901*	2018-11-02 17:31:22 -04:00