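<IfModule mod_security2.c>

    # Enable mod_security in enforcing mode: matching rules act on the
    # request instead of only logging it.
    SecRuleEngine On

    # Access to request bodies: they are buffered and made available to
    # phase:2 rules. Both size limits are commented out, so the module's
    # built-in defaults apply.
    SecRequestBodyAccess On
    #SecRequestBodyLimit 134217728
    #SecRequestBodyInMemoryLimit 131072

    # Access to response bodies is disabled, so the MIME-type list below has
    # no effect until SecResponseBodyAccess is switched On.
    SecResponseBodyAccess Off
    #SecResponseBodyLimit 524288
    SecResponseBodyMimeType (null) text/html text/plain text/xml
    #SecServerSignature "Apache/2.2.0 (Fedora)"

    # NOTE(review): intercepted uploads are staged in /tmp, which is normally
    # writable by every local account. A dedicated directory restricted to the
    # web-server user(s) is the usual recommendation; under apache-itk (see
    # the rule removals below) each uid that serves requests would need write
    # access to it. Confirm before changing.
    SecUploadDir /tmp
    SecUploadKeepFiles Off

    # Default action inherited by the rules below that list no action of
    # their own (ids 1-3): log, request an audit-log entry, and deny with
    # HTTP 406 during phase 2 (request body available).
    SecDefaultAction "log,auditlog,deny,status:406,phase:2"

    # NOTE(review): the audit engine is Off, so the "auditlog" action above
    # and the SecAuditLog* settings below write nothing; a blocked request
    # leaves only its error-log line. RelevantOnly together with the
    # commented-out SecAuditLogRelevantStatus would retain a record of
    # denied/failed transactions for incident response.
    SecAuditEngine Off
    #SecAuditLogRelevantStatus "^[45]"
    # Use only one log file
    SecAuditLogType Serial
    # Audit log file
    SecAuditLog /var/log/apache2/modsec_audit.log
    # What is logged: A = audit header, B = request headers, I = request body
    # (compact form, without uploaded files), F = final response headers,
    # H = audit trailer, Z = end-of-entry boundary.
    SecAuditLogParts "ABIFHZ"

    #SecArgumentSeparator "&"
    # Cookie parsing uses version 0 (Netscape-style) cookies.
    SecCookieFormat 0
    # Debug log level 0 means nothing is written to the debug log.
    SecDebugLog /var/log/apache2/modsec_debug.log
    SecDebugLogLevel 0

    # NOTE(review): persistent collection data (SecDataDir) and temporary
    # files (SecTmpDir) also live in the shared /tmp; the same concern as for
    # SecUploadDir applies.
    SecDataDir /tmp
    SecTmpDir /tmp

    #########
    # RULES
    #########

    # File name: fires when the requested file name contains the marker
    # string (looks like a self-test rule - confirm it is still wanted in
    # production).
    SecRule REQUEST_FILENAME "modsecuritytest1" "id:1"
    # Complete URI: same marker-style test against the full request URI.
    SecRule REQUEST_URI "modsecuritytest2" "id:2"
    # Requests for well-known Windows tool binaries. The regex operator is
    # case-sensitive, so the file name is lowercased first; otherwise a
    # request for e.g. "CMD.EXE" would not match this rule.
    SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3,t:lowercase"

    # Load the OWASP Core Rule Set. The SecRuleRemoveById lines must stay
    # after this Include: they can only remove rules already loaded.
    Include /usr/share/modsecurity-crs/owasp-crs.load

    # Removed because it does not play well with apache-itk
    # NOTE(review): if the loaded CRS is 3.x, the 901xxx range is its
    # initialization file, which supplies defaults for settings such as the
    # paranoia level and anomaly-score thresholds when crs-setup.conf does not
    # set them. With the whole range removed, verify those values are defined
    # elsewhere and that the blocking evaluation still fires.
    SecRuleRemoveById "901000-901999"

    # Removed because IP reputation based blocking is hard to predict
    # and reason about
    SecRuleRemoveById "910000-910999"

</IfModule>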