cgoncalves / rpms / mod_security

Forked from rpms/mod_security 4 years ago
Clone

Blame SOURCES/mod_security.conf

f27b20
<IfModule mod_security2.c>
f27b20
    # Default recommended configuration
f27b20
    SecRuleEngine On
f27b20
    SecRequestBodyAccess On
f27b20
    SecRule REQUEST_HEADERS:Content-Type "text/xml" \
f27b20
         "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
f27b20
    SecRequestBodyLimit 13107200
f27b20
    SecRequestBodyNoFilesLimit 131072
f27b20
    SecRequestBodyInMemoryLimit 131072
f27b20
    SecRequestBodyLimitAction Reject
f27b20
    SecRule REQBODY_ERROR "!@eq 0" \
f27b20
    "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
f27b20
    SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
f27b20
    "id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \
f27b20
    failed strict validation: \
f27b20
    PE %{REQBODY_PROCESSOR_ERROR}, \
f27b20
    BQ %{MULTIPART_BOUNDARY_QUOTED}, \
f27b20
    BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
f27b20
    DB %{MULTIPART_DATA_BEFORE}, \
f27b20
    DA %{MULTIPART_DATA_AFTER}, \
f27b20
    HF %{MULTIPART_HEADER_FOLDING}, \
f27b20
    LF %{MULTIPART_LF_LINE}, \
f27b20
    SM %{MULTIPART_MISSING_SEMICOLON}, \
f27b20
    IQ %{MULTIPART_INVALID_QUOTING}, \
f27b20
    IP %{MULTIPART_INVALID_PART}, \
f27b20
    IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
f27b20
    FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
f27b20
f27b20
    SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
f27b20
    "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
f27b20
f27b20
    SecPcreMatchLimit 1000
f27b20
    SecPcreMatchLimitRecursion 1000
f27b20
f27b20
    SecRule TX:/^MSC_/ "!@streq 0" \
f27b20
            "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
f27b20
f27b20
    SecResponseBodyAccess Off
f27b20
    SecDebugLog /var/log/httpd/modsec_debug.log
f27b20
    SecDebugLogLevel 0
f27b20
    SecAuditEngine RelevantOnly
f27b20
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
f27b20
    SecAuditLogParts ABIJDEFHZ
f27b20
    SecAuditLogType Serial
f27b20
    SecAuditLog /var/log/httpd/modsec_audit.log
f27b20
    SecArgumentSeparator &
f27b20
    SecCookieFormat 0
f27b20
    SecTmpDir /var/lib/mod_security
f27b20
    SecDataDir /var/lib/mod_security
f27b20
f27b20
    # ModSecurity Core Rules Set and Local configuration
f27b20
	Include modsecurity.d/*.conf
f27b20
	Include modsecurity.d/activated_rules/*.conf
f27b20
	Include modsecurity.d/local_rules/*.conf
f27b20
    
f27b20
</IfModule>