Correction config evolinux modsec

2019-06-06 11:29:14 +02:00 · 2019-06-06 11:29:14 +02:00 · 133f6a7919
parent 371d7e4445
commit 133f6a7919
1 changed files with 43 additions and 29 deletions
--- a/HowtoApache.md
+++ b/HowtoApache.md
@ -825,40 +825,54 @@ Nous faisons une configuration minimale via
 `/etc/apache2/conf-available/modsecurity.conf` :

 ~~~{.apache}
-<IfModule security2_module>
+<IfModule mod_security2.c>

-    SecRuleEngine On
-    SecRequestBodyAccess On
-    #SecRequestBodyLimit 134217728
-    #SecRequestBodyInMemoryLimit 131072
-    SecResponseBodyAccess Off
-    #SecResponseBodyLimit 524288
-    SecResponseBodyMimeType (null) text/html text/plain text/xml
-    SecUploadDir /tmp
-    SecUploadKeepFiles Off
-    SecDefaultAction "log,auditlog,deny,status:406,phase:2,t:none"
-    SecAuditEngine Off
-    #SecAuditLogRelevantStatus "^[45]"
-    SecAuditLogType Serial
-    SecAuditLog /var/log/apache2/modsecurity_audit.log
-    SecAuditLogParts "ABIFHZ"
-    #SecArgumentSeparator "&"
-    SecCookieFormat 0
-    SecDebugLog /var/log/apache2/modsec_debug.log
-    SecDebugLogLevel        0
-    SecTmpDir /tmp
+# enable mod_security
+SecRuleEngine On
+# access to request bodies
+SecRequestBodyAccess On
+#SecRequestBodyLimit 134217728
+#SecRequestBodyInMemoryLimit 131072
+# access to response bodies
+SecResponseBodyAccess Off
+#SecResponseBodyLimit 524288
+SecResponseBodyMimeType (null) text/html text/plain text/xml
+#SecServerSignature "Apache/2.2.0 (Fedora)"

-    SecRule REQUEST_FILENAME "modsecuritytest1"
-    SecRule REQUEST_URI "modsecuritytest2"
-    SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe"
+SecUploadDir /tmp
+SecUploadKeepFiles Off

-    # Removed because it does not play well with apache-itk
-    # Can be removed when modsecurity 2.9.3 hits debian
-    # See https://github.com/SpiderLabs/ModSecurity/issues/712
-    SecRuleRemoveById "910000-910999"
+# default action
+SecDefaultAction "log,auditlog,deny,status:406,phase:2"
+
+SecAuditEngine Off
+#SecAuditLogRelevantStatus "^[45]"
+# use only one log file
+SecAuditLogType Serial
+# audit log file
+SecAuditLog /var/log/apache2/modsec_audit.log
+# what is logged
+SecAuditLogParts "ABIFHZ"
+
+#SecArgumentSeparator "&"
+SecCookieFormat 0
+SecDebugLog /var/log/apache2/modsec_debug.log
+SecDebugLogLevel        0
+
+SecDataDir /tmp
+SecTmpDir /tmp
+
+#########
+# RULES
+#########
+
+# Removed because it does not play well with apache-itk
+# Can be removed when modsecurity 2.9.3 hits debian
+# See https://github.com/SpiderLabs/ModSecurity/issues/712
+SecRuleRemoveById "910000-910999"

-    ErrorDocument 406 http://SERVERNAME/406.html
 </IfModule>
+
 ~~~

 Nous désactivons le log d'audit par défaut, puisque l’information