ansible-roles/packweb-apache/files/evolinux-modsec.conf

<IfModule mod_security2.c>

# enable mod_security
SecRuleEngine On
# access to request bodies
SecRequestBodyAccess On
#SecRequestBodyLimit 134217728
#SecRequestBodyInMemoryLimit 131072
# access to response bodies
SecResponseBodyAccess Off
#SecResponseBodyLimit 524288
SecResponseBodyMimeType (null) text/html text/plain text/xml
#SecServerSignature "Apache/2.2.0 (Fedora)"

SecUploadDir /tmp
SecUploadKeepFiles Off

# default action
SecDefaultAction "log,auditlog,deny,status:406,phase:2"

SecAuditEngine RelevantOnly
#SecAuditLogRelevantStatus "^[45]"
# use only one log file
SecAuditLogType Serial
# audit log file
SecAuditLog /var/log/apache2/modsec_audit.log
# what is logged
SecAuditLogParts "ABIFHZ"

#SecArgumentSeparator "&"
SecCookieFormat 0
SecDebugLog /var/log/apache2/modsec_debug.log
SecDebugLogLevel        0

SecDataDir /tmp
SecTmpDir /tmp

#########
# RULES
#########

# File name
SecRule REQUEST_FILENAME "modsecuritytest1" "id:1"
# Complete URI
SecRule REQUEST_URI "modsecuritytest2" "id:2"
SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3"

</IfModule>