apache-mod_security.conf

   1 # Configuration file for the mod_security Apache module
   2
   3 #LoadFile LIBDIR/libxml2.so.2
   4
   5 LoadModule security2_module modules/mod_security2.so
   6
   7 <IfModule mod_security2.c>
   8         # ModSecurity Core Rules Set configuration
   9
  10         Include conf.d/modsecurity.d/*.conf
  11         Include conf.d/modsecurity.d/activated_rules/*.conf
  12
  13         # Default recommended configuration
  14         SecRuleEngine On
  15         SecRequestBodyAccess On
  16         SecRule REQUEST_HEADERS:Content-Type "text/xml" \
  17                 "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
  18         SecRequestBodyLimit 13107200
  19         SecRequestBodyNoFilesLimit 131072
  20         SecRequestBodyInMemoryLimit 131072
  21         SecRequestBodyLimitAction Reject
  22         SecRule REQBODY_ERROR "!@eq 0" \
  23                 "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
  24         SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
  25                 "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
  26                 failed strict validation: \
  27                 PE %{REQBODY_PROCESSOR_ERROR}, \
  28                 BQ %{MULTIPART_BOUNDARY_QUOTED}, \
  29                 BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
  30                 DB %{MULTIPART_DATA_BEFORE}, \
  31                 DA %{MULTIPART_DATA_AFTER}, \
  32                 HF %{MULTIPART_HEADER_FOLDING}, \
  33                 LF %{MULTIPART_LF_LINE}, \
  34                 SM %{MULTIPART_MISSING_SEMICOLON}, \
  35                 IQ %{MULTIPART_INVALID_QUOTING}, \
  36                 IP %{MULTIPART_INVALID_PART}, \
  37                 IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
  38                 FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
  39
  40         SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
  41                 "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
  42
  43         SecPcreMatchLimit 1000
  44         SecPcreMatchLimitRecursion 1000
  45
  46         SecRule TX:/^MSC_/ "!@streq 0" \
  47                 "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
  48
  49         SecResponseBodyAccess Off
  50         SecDebugLog /var/log/httpd/modsec_debug.log
  51         SecDebugLogLevel 0
  52         SecAuditEngine RelevantOnly
  53         SecAuditLogRelevantStatus "^(?:5|4(?!04))"
  54         SecAuditLogParts ABIJDEFHZ
  55         SecAuditLogType Serial
  56         SecAuditLog /var/log/httpd/modsec_audit.log
  57         SecArgumentSeparator &
  58         SecCookieFormat 0
  59         SecTmpDir /var/lib/mod_security
  60         SecDataDir /var/lib/mod_security
  61 </IfModule>