# enable mod_security SecRuleEngine On # access to request bodies SecRequestBodyAccess On #SecRequestBodyLimit 134217728 #SecRequestBodyInMemoryLimit 131072 # access to response bodies SecResponseBodyAccess Off #SecResponseBodyLimit 524288 SecResponseBodyMimeType (null) text/html text/plain text/xml #SecServerSignature "Apache/2.2.0 (Fedora)" SecUploadDir /tmp SecUploadKeepFiles Off # default action SecDefaultAction "log,auditlog,deny,status:406,phase:2" SecAuditEngine RelevantOnly #SecAuditLogRelevantStatus "^[45]" # use only one log file SecAuditLogType Serial # audit log file SecAuditLog /var/log/apache2/modsec_audit.log # what is logged SecAuditLogParts "ABIFHZ" #SecArgumentSeparator "&" SecCookieFormat 0 SecDebugLog /var/log/apache2/modsec_debug.log SecDebugLogLevel 0 SecDataDir /tmp SecTmpDir /tmp ######### # RULES ######### # File name SecRule REQUEST_FILENAME "modsecuritytest1" "id:1" # Complete URI SecRule REQUEST_URI "modsecuritytest2" "id:2" SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3"