Correction config evolinux modsec
This commit is contained in:
parent
371d7e4445
commit
133f6a7919
|
|
@ -825,40 +825,54 @@ Nous faisons une configuration minimale via
|
||||||
`/etc/apache2/conf-available/modsecurity.conf` :
|
`/etc/apache2/conf-available/modsecurity.conf` :
|
||||||
|
|
||||||
~~~{.apache}
|
~~~{.apache}
|
||||||
<IfModule security2_module>
|
<IfModule mod_security2.c>
|
||||||
|
|
||||||
SecRuleEngine On
|
# enable mod_security
|
||||||
SecRequestBodyAccess On
|
SecRuleEngine On
|
||||||
#SecRequestBodyLimit 134217728
|
# access to request bodies
|
||||||
#SecRequestBodyInMemoryLimit 131072
|
SecRequestBodyAccess On
|
||||||
SecResponseBodyAccess Off
|
#SecRequestBodyLimit 134217728
|
||||||
#SecResponseBodyLimit 524288
|
#SecRequestBodyInMemoryLimit 131072
|
||||||
SecResponseBodyMimeType (null) text/html text/plain text/xml
|
# access to response bodies
|
||||||
SecUploadDir /tmp
|
SecResponseBodyAccess Off
|
||||||
SecUploadKeepFiles Off
|
#SecResponseBodyLimit 524288
|
||||||
SecDefaultAction "log,auditlog,deny,status:406,phase:2,t:none"
|
SecResponseBodyMimeType (null) text/html text/plain text/xml
|
||||||
SecAuditEngine Off
|
#SecServerSignature "Apache/2.2.0 (Fedora)"
|
||||||
#SecAuditLogRelevantStatus "^[45]"
|
|
||||||
SecAuditLogType Serial
|
|
||||||
SecAuditLog /var/log/apache2/modsecurity_audit.log
|
|
||||||
SecAuditLogParts "ABIFHZ"
|
|
||||||
#SecArgumentSeparator "&"
|
|
||||||
SecCookieFormat 0
|
|
||||||
SecDebugLog /var/log/apache2/modsec_debug.log
|
|
||||||
SecDebugLogLevel 0
|
|
||||||
SecTmpDir /tmp
|
|
||||||
|
|
||||||
SecRule REQUEST_FILENAME "modsecuritytest1"
|
SecUploadDir /tmp
|
||||||
SecRule REQUEST_URI "modsecuritytest2"
|
SecUploadKeepFiles Off
|
||||||
SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe"
|
|
||||||
|
|
||||||
# Removed because it does not play well with apache-itk
|
# default action
|
||||||
# Can be removed when modsecurity 2.9.3 hits debian
|
SecDefaultAction "log,auditlog,deny,status:406,phase:2"
|
||||||
# See https://github.com/SpiderLabs/ModSecurity/issues/712
|
|
||||||
SecRuleRemoveById "910000-910999"
|
SecAuditEngine Off
|
||||||
|
#SecAuditLogRelevantStatus "^[45]"
|
||||||
|
# use only one log file
|
||||||
|
SecAuditLogType Serial
|
||||||
|
# audit log file
|
||||||
|
SecAuditLog /var/log/apache2/modsec_audit.log
|
||||||
|
# what is logged
|
||||||
|
SecAuditLogParts "ABIFHZ"
|
||||||
|
|
||||||
|
#SecArgumentSeparator "&"
|
||||||
|
SecCookieFormat 0
|
||||||
|
SecDebugLog /var/log/apache2/modsec_debug.log
|
||||||
|
SecDebugLogLevel 0
|
||||||
|
|
||||||
|
SecDataDir /tmp
|
||||||
|
SecTmpDir /tmp
|
||||||
|
|
||||||
|
#########
|
||||||
|
# RULES
|
||||||
|
#########
|
||||||
|
|
||||||
|
# Removed because it does not play well with apache-itk
|
||||||
|
# Can be removed when modsecurity 2.9.3 hits debian
|
||||||
|
# See https://github.com/SpiderLabs/ModSecurity/issues/712
|
||||||
|
SecRuleRemoveById "910000-910999"
|
||||||
|
|
||||||
ErrorDocument 406 http://SERVERNAME/406.html
|
|
||||||
</IfModule>
|
</IfModule>
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
Nous désactivons le log d'audit par défaut, puisque l’information
|
Nous désactivons le log d'audit par défaut, puisque l’information
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue