Correction config evolinux modsec
This commit is contained in:
parent
371d7e4445
commit
133f6a7919
|
@ -825,40 +825,54 @@ Nous faisons une configuration minimale via
|
|||
`/etc/apache2/conf-available/modsecurity.conf` :
|
||||
|
||||
~~~{.apache}
|
||||
<IfModule security2_module>
|
||||
<IfModule mod_security2.c>
|
||||
|
||||
SecRuleEngine On
|
||||
SecRequestBodyAccess On
|
||||
#SecRequestBodyLimit 134217728
|
||||
#SecRequestBodyInMemoryLimit 131072
|
||||
SecResponseBodyAccess Off
|
||||
#SecResponseBodyLimit 524288
|
||||
SecResponseBodyMimeType (null) text/html text/plain text/xml
|
||||
SecUploadDir /tmp
|
||||
SecUploadKeepFiles Off
|
||||
SecDefaultAction "log,auditlog,deny,status:406,phase:2,t:none"
|
||||
SecAuditEngine Off
|
||||
#SecAuditLogRelevantStatus "^[45]"
|
||||
SecAuditLogType Serial
|
||||
SecAuditLog /var/log/apache2/modsecurity_audit.log
|
||||
SecAuditLogParts "ABIFHZ"
|
||||
#SecArgumentSeparator "&"
|
||||
SecCookieFormat 0
|
||||
SecDebugLog /var/log/apache2/modsec_debug.log
|
||||
SecDebugLogLevel 0
|
||||
SecTmpDir /tmp
|
||||
# enable mod_security
|
||||
SecRuleEngine On
|
||||
# access to request bodies
|
||||
SecRequestBodyAccess On
|
||||
#SecRequestBodyLimit 134217728
|
||||
#SecRequestBodyInMemoryLimit 131072
|
||||
# access to response bodies
|
||||
SecResponseBodyAccess Off
|
||||
#SecResponseBodyLimit 524288
|
||||
SecResponseBodyMimeType (null) text/html text/plain text/xml
|
||||
#SecServerSignature "Apache/2.2.0 (Fedora)"
|
||||
|
||||
SecRule REQUEST_FILENAME "modsecuritytest1"
|
||||
SecRule REQUEST_URI "modsecuritytest2"
|
||||
SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe"
|
||||
SecUploadDir /tmp
|
||||
SecUploadKeepFiles Off
|
||||
|
||||
# Removed because it does not play well with apache-itk
|
||||
# Can be removed when modsecurity 2.9.3 hits debian
|
||||
# See https://github.com/SpiderLabs/ModSecurity/issues/712
|
||||
SecRuleRemoveById "910000-910999"
|
||||
# default action
|
||||
SecDefaultAction "log,auditlog,deny,status:406,phase:2"
|
||||
|
||||
SecAuditEngine Off
|
||||
#SecAuditLogRelevantStatus "^[45]"
|
||||
# use only one log file
|
||||
SecAuditLogType Serial
|
||||
# audit log file
|
||||
SecAuditLog /var/log/apache2/modsec_audit.log
|
||||
# what is logged
|
||||
SecAuditLogParts "ABIFHZ"
|
||||
|
||||
#SecArgumentSeparator "&"
|
||||
SecCookieFormat 0
|
||||
SecDebugLog /var/log/apache2/modsec_debug.log
|
||||
SecDebugLogLevel 0
|
||||
|
||||
SecDataDir /tmp
|
||||
SecTmpDir /tmp
|
||||
|
||||
#########
|
||||
# RULES
|
||||
#########
|
||||
|
||||
# Removed because it does not play well with apache-itk
|
||||
# Can be removed when modsecurity 2.9.3 hits debian
|
||||
# See https://github.com/SpiderLabs/ModSecurity/issues/712
|
||||
SecRuleRemoveById "910000-910999"
|
||||
|
||||
ErrorDocument 406 http://SERVERNAME/406.html
|
||||
</IfModule>
|
||||
|
||||
~~~
|
||||
|
||||
Nous désactivons le log d'audit par défaut, puisque l’information
|
||||
|
|
Loading…
Reference in a new issue