|
 |
f27b20 |
<IfModule mod_security2.c>
|
|
|
f27b20 |
# Default recommended configuration
|
|
|
f27b20 |
SecRuleEngine On
|
|
|
f27b20 |
SecRequestBodyAccess On
|
|
|
f27b20 |
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
|
|
|
f27b20 |
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
|
|
|
f27b20 |
SecRequestBodyLimit 13107200
|
|
|
f27b20 |
SecRequestBodyNoFilesLimit 131072
|
|
|
f27b20 |
SecRequestBodyInMemoryLimit 131072
|
|
|
f27b20 |
SecRequestBodyLimitAction Reject
|
|
|
f27b20 |
SecRule REQBODY_ERROR "!@eq 0" \
|
|
|
f27b20 |
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
|
|
|
f27b20 |
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
|
|
|
f27b20 |
"id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \
|
|
|
f27b20 |
failed strict validation: \
|
|
|
f27b20 |
PE %{REQBODY_PROCESSOR_ERROR}, \
|
|
|
f27b20 |
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
|
|
|
f27b20 |
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
|
|
|
f27b20 |
DB %{MULTIPART_DATA_BEFORE}, \
|
|
|
f27b20 |
DA %{MULTIPART_DATA_AFTER}, \
|
|
|
f27b20 |
HF %{MULTIPART_HEADER_FOLDING}, \
|
|
|
f27b20 |
LF %{MULTIPART_LF_LINE}, \
|
|
|
f27b20 |
SM %{MULTIPART_MISSING_SEMICOLON}, \
|
|
|
f27b20 |
IQ %{MULTIPART_INVALID_QUOTING}, \
|
|
|
f27b20 |
IP %{MULTIPART_INVALID_PART}, \
|
|
|
f27b20 |
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
|
|
|
f27b20 |
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
|
|
|
f27b20 |
|
|
|
f27b20 |
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
|
|
|
f27b20 |
"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
|
|
|
f27b20 |
|
|
|
f27b20 |
SecPcreMatchLimit 1000
|
|
|
f27b20 |
SecPcreMatchLimitRecursion 1000
|
|
|
f27b20 |
|
|
|
f27b20 |
SecRule TX:/^MSC_/ "!@streq 0" \
|
|
|
f27b20 |
"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
|
|
|
f27b20 |
|
|
|
f27b20 |
SecResponseBodyAccess Off
|
|
|
f27b20 |
SecDebugLog /var/log/httpd/modsec_debug.log
|
|
|
f27b20 |
SecDebugLogLevel 0
|
|
|
f27b20 |
SecAuditEngine RelevantOnly
|
|
|
f27b20 |
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
|
|
|
f27b20 |
SecAuditLogParts ABIJDEFHZ
|
|
|
f27b20 |
SecAuditLogType Serial
|
|
|
f27b20 |
SecAuditLog /var/log/httpd/modsec_audit.log
|
|
|
f27b20 |
SecArgumentSeparator &
|
|
|
f27b20 |
SecCookieFormat 0
|
|
|
f27b20 |
SecTmpDir /var/lib/mod_security
|
|
|
f27b20 |
SecDataDir /var/lib/mod_security
|
|
|
f27b20 |
|
|
|
f27b20 |
# ModSecurity Core Rules Set and Local configuration
|
|
|
f27b20 |
Include modsecurity.d/*.conf
|
|
|
f27b20 |
Include modsecurity.d/activated_rules/*.conf
|
|
|
f27b20 |
Include modsecurity.d/local_rules/*.conf
|
|
|
f27b20 |
|
|
|
f27b20 |
</IfModule>
|