# Configuration file for the mod_security Apache module #LoadFile LIBDIR/libxml2.so.2 LoadModule security2_module modules/mod_security2.so # This is the ModSecurity Core Rules Set. # Basic configuration goes in here Include conf.d/modsecurity.d/modsecurity.conf-minimal Include conf.d/modsecurity.d/modsecurity_crs_10_config.conf # Protocol violation and anomalies. Include conf.d/modsecurity.d/modsecurity_crs_20_protocol_violations.conf Include conf.d/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf # HTTP policy rules Include conf.d/modsecurity.d/modsecurity_crs_30_http_policy.conf # Here comes the Bad Stuff... Include conf.d/modsecurity.d/modsecurity_crs_35_bad_robots.conf Include conf.d/modsecurity.d/modsecurity_crs_40_generic_attacks.conf Include conf.d/modsecurity.d/modsecurity_crs_45_trojans.conf Include conf.d/modsecurity.d/modsecurity_crs_50_outbound.conf # Search engines and other crawlers. Only useful if you want to track # Google / Yahoo et. al. # Include modsecurity.d/modsecurity_crs_55_marketing.conf Include conf.d/modsecurity.d/modsecurity_crs_23_request_limits.conf Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_converter.conf Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_filters.conf Include conf.d/modsecurity.d/modsecurity_crs_41_sql_injection_attacks.conf Include conf.d/modsecurity.d/modsecurity_crs_41_xss_attacks.conf Include conf.d/modsecurity.d/modsecurity_crs_42_tight_security.conf Include conf.d/modsecurity.d/modsecurity_crs_47_common_exceptions.conf Include conf.d/modsecurity.d/modsecurity_crs_48_local_exceptions.conf Include conf.d/modsecurity.d/modsecurity_crs_49_enforcement.conf Include conf.d/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf # Optional rules # Include conf.d/modsecurity.d/modsecurity_crs_40_experimental.conf # Include conf.d/modsecurity.d/modsecurity_crs_42_comment_spam.conf # Include conf.d/modsecurity.d/modsecurity_crs_46_et_sql_injection.conf # Include conf.d/modsecurity.d/modsecurity_crs_46_et_web_rules.conf # # Include conf.d/modsecurity.d/modsecurity_crs_49_header_tagging.conf # # Include conf.d/modsecurity.d/modsecurity_crs_59_outbound_blocking.conf # Include conf.d/modsecurity.d/modsecurity_crs_60_correlation.conf # Put your local rules in here. Include conf.d/modsecurity.d/modsecurity_localrules.conf SecDataDir /var/run/httpd