# enable mod_security SecRuleEngine On # access to request bodies SecRequestBodyAccess On #SecRequestBodyLimit 134217728 #SecRequestBodyInMemoryLimit 131072 # access to response bodies SecResponseBodyAccess Off #SecResponseBodyLimit 524288 SecResponseBodyMimeType (null) text/html text/plain text/xml #SecServerSignature "Apache/2.2.0 (Fedora)" SecUploadDir /tmp SecUploadKeepFiles Off # default action SecDefaultAction "log,auditlog,deny,status:406,phase:2" SecAuditEngine Off #SecAuditLogRelevantStatus "^[45]" # use only one log file SecAuditLogType Serial # audit log file SecAuditLog /var/log/apache2/modsec_audit.log # what is logged SecAuditLogParts "ABIFHZ" #SecArgumentSeparator "&" SecCookieFormat 0 SecDebugLog /var/log/apache2/modsec_debug.log SecDebugLogLevel 0 SecDataDir /tmp SecTmpDir /tmp ######### # RULES ######### # File name SecRule REQUEST_FILENAME "modsecuritytest1" "id:1" # Complete URI SecRule REQUEST_URI "modsecuritytest2" "id:2" SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3" Include /usr/share/modsecurity-crs/owasp-crs.load # Removed because it does not play well with apache-itk SecRuleRemoveById "901000-901999" # Removed because IP reputation based blocking is hard to predict # and reason about SecRuleRemoveById "910000-910999"