[packages/apache-mod_security.git] / apache-mod_security.conf

# Configuration file for the mod_security Apache module

#LoadFile LIBDIR/libxml2.so.2

LoadModule security2_module modules/mod_security2.so

<IfModule mod_security2.c>
	# ModSecurity Core Rules Set configuration

	Include conf.d/modsecurity.d/*.conf
	Include conf.d/modsecurity.d/activated_rules/*.conf

	# Default recommended configuration
	SecRuleEngine On
	SecRequestBodyAccess On
	SecRule REQUEST_HEADERS:Content-Type "text/xml" \
		"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
	SecRequestBodyLimit 13107200
	SecRequestBodyNoFilesLimit 131072
	SecRequestBodyInMemoryLimit 131072
	SecRequestBodyLimitAction Reject
	SecRule REQBODY_ERROR "!@eq 0" \
		"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
	SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
		"id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
		failed strict validation: \
		PE %{REQBODY_PROCESSOR_ERROR}, \
		BQ %{MULTIPART_BOUNDARY_QUOTED}, \
		BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
		DB %{MULTIPART_DATA_BEFORE}, \
		DA %{MULTIPART_DATA_AFTER}, \
		HF %{MULTIPART_HEADER_FOLDING}, \
		LF %{MULTIPART_LF_LINE}, \
		SM %{MULTIPART_MISSING_SEMICOLON}, \
		IQ %{MULTIPART_INVALID_QUOTING}, \
		IP %{MULTIPART_INVALID_PART}, \
		IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
		FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

	SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
		"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"

	SecPcreMatchLimit 1000
	SecPcreMatchLimitRecursion 1000

	SecRule TX:/^MSC_/ "!@streq 0" \
		"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"

	SecResponseBodyAccess Off
	SecDebugLog /var/log/httpd/modsec_debug.log
	SecDebugLogLevel 0
	SecAuditEngine RelevantOnly
	SecAuditLogRelevantStatus "^(?:5|4(?!04))"
	SecAuditLogParts ABIJDEFHZ
	SecAuditLogType Serial
	SecAuditLog /var/log/httpd/modsec_audit.log
	SecArgumentSeparator &
	SecCookieFormat 0
	SecTmpDir /var/lib/mod_security
	SecDataDir /var/lib/mod_security
</IfModule>
Commit	Line	Data
55807361 ER	1	# Configuration file for the mod_security Apache module
	2
	3	#LoadFile LIBDIR/libxml2.so.2
	4
55807361 ER	5	LoadModule security2_module modules/mod_security2.so
	6
	7	<IfModule mod_security2.c>
8c29b745 JR	8	# ModSecurity Core Rules Set configuration
	9
	10	Include conf.d/modsecurity.d/*.conf
	11	Include conf.d/modsecurity.d/activated_rules/*.conf
	12
	13	# Default recommended configuration
	14	SecRuleEngine On
	15	SecRequestBodyAccess On
	16	SecRule REQUEST_HEADERS:Content-Type "text/xml" \
	17	"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
	18	SecRequestBodyLimit 13107200
	19	SecRequestBodyNoFilesLimit 131072
	20	SecRequestBodyInMemoryLimit 131072
	21	SecRequestBodyLimitAction Reject
	22	SecRule REQBODY_ERROR "!@eq 0" \
	23	"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
	24	SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
	25	"id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
	26	failed strict validation: \
	27	PE %{REQBODY_PROCESSOR_ERROR}, \
	28	BQ %{MULTIPART_BOUNDARY_QUOTED}, \
	29	BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
	30	DB %{MULTIPART_DATA_BEFORE}, \
	31	DA %{MULTIPART_DATA_AFTER}, \
	32	HF %{MULTIPART_HEADER_FOLDING}, \
	33	LF %{MULTIPART_LF_LINE}, \
	34	SM %{MULTIPART_MISSING_SEMICOLON}, \
	35	IQ %{MULTIPART_INVALID_QUOTING}, \
	36	IP %{MULTIPART_INVALID_PART}, \
	37	IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
	38	FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
	39
	40	SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
	41	"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
	42
	43	SecPcreMatchLimit 1000
	44	SecPcreMatchLimitRecursion 1000
	45
	46	SecRule TX:/^MSC_/ "!@streq 0" \
	47	"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
	48
	49	SecResponseBodyAccess Off
	50	SecDebugLog /var/log/httpd/modsec_debug.log
	51	SecDebugLogLevel 0
	52	SecAuditEngine RelevantOnly
	53	SecAuditLogRelevantStatus "^(?:5\|4(?!04))"
	54	SecAuditLogParts ABIJDEFHZ
	55	SecAuditLogType Serial
	56	SecAuditLog /var/log/httpd/modsec_audit.log
	57	SecArgumentSeparator &
	58	SecCookieFormat 0
	59	SecTmpDir /var/lib/mod_security
	60	SecDataDir /var/lib/mod_security
55807361	61	</IfModule>