From 133f6a791959724ed4845df8c15b068d774e29d5 Mon Sep 17 00:00:00 2001
From: lpoujol
Date: Thu, 6 Jun 2019 11:29:14 +0200
Subject: [PATCH] Correction config evolinux modsec
---
 HowtoApache.md | 72 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 43 insertions(+), 29 deletions(-)
diff --git a/HowtoApache.md b/HowtoApache.md
index b66a9257..f96417fa 100644
--- a/HowtoApache.md
+++ b/HowtoApache.md
@@ -825,40 +825,54 @@
 Nous faisons une configuration minimale via `/etc/apache2/conf-available/modsecurity.conf` :
 ~~~{.apache}
-
+
- SecRuleEngine On
- SecRequestBodyAccess On
- #SecRequestBodyLimit 134217728
- #SecRequestBodyInMemoryLimit 131072
- SecResponseBodyAccess Off
- #SecResponseBodyLimit 524288
- SecResponseBodyMimeType (null) text/html text/plain text/xml
- SecUploadDir /tmp
- SecUploadKeepFiles Off
- SecDefaultAction "log,auditlog,deny,status:406,phase:2,t:none"
- SecAuditEngine Off
- #SecAuditLogRelevantStatus "^[45]"
- SecAuditLogType Serial
- SecAuditLog /var/log/apache2/modsecurity_audit.log
- SecAuditLogParts "ABIFHZ"
- #SecArgumentSeparator "&"
- SecCookieFormat 0
- SecDebugLog /var/log/apache2/modsec_debug.log
- SecDebugLogLevel 0
- SecTmpDir /tmp
+# enable mod_security
+SecRuleEngine On
+# access to request bodies
+SecRequestBodyAccess On
+#SecRequestBodyLimit 134217728
+#SecRequestBodyInMemoryLimit 131072
+# access to response bodies
+SecResponseBodyAccess Off
+#SecResponseBodyLimit 524288
+SecResponseBodyMimeType (null) text/html text/plain text/xml
+#SecServerSignature "Apache/2.2.0 (Fedora)"
- SecRule REQUEST_FILENAME "modsecuritytest1"
- SecRule REQUEST_URI "modsecuritytest2"
- SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe"
+SecUploadDir /tmp
+SecUploadKeepFiles Off
- # Removed because it does not play well with apache-itk
- # Can be removed when modsecurity 2.9.3 hits debian
- # See https://github.com/SpiderLabs/ModSecurity/issues/712
- SecRuleRemoveById "910000-910999"
+# default action
+SecDefaultAction "log,auditlog,deny,status:406,phase:2"
+
+SecAuditEngine Off
+#SecAuditLogRelevantStatus "^[45]"
+# use only one log file
+SecAuditLogType Serial
+# audit log file
+SecAuditLog /var/log/apache2/modsec_audit.log
+# what is logged
+SecAuditLogParts "ABIFHZ"
+
+#SecArgumentSeparator "&"
+SecCookieFormat 0
+SecDebugLog /var/log/apache2/modsec_debug.log
+SecDebugLogLevel 0
+
+SecDataDir /tmp
+SecTmpDir /tmp
+
+#########
+# RULES
+#########
+
+# Removed because it does not play well with apache-itk
+# Can be removed when modsecurity 2.9.3 hits debian
+# See https://github.com/SpiderLabs/ModSecurity/issues/712
+SecRuleRemoveById "910000-910999"
- ErrorDocument 406 http://SERVERNAME/406.html
+
 ~~~
 Nous désactivons le log d'audit par défaut, puisque l’information