- updated config
index 84332fa66af385f0d96449b34725a304c8cb6f6d..3a905a679e261033da804e6559500cccdb496535 100644 (file)
@@ -5,59 +5,57 @@
 LoadModule security2_module modules/mod_security2.so
 
 <IfModule mod_security2.c>
-       # This is the ModSecurity Core Rules Set.
-
-       # Basic configuration goes in here
-       Include conf.d/modsecurity.d/modsecurity.conf-minimal
-       Include conf.d/modsecurity.d/modsecurity_crs_10_config.conf
-
-       # Protocol violation and anomalies.
-
-       Include conf.d/modsecurity.d/modsecurity_crs_20_protocol_violations.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
-
-       # HTTP policy rules
-
-       Include conf.d/modsecurity.d/modsecurity_crs_30_http_policy.conf
-
-       # Here comes the Bad Stuff...
-
-       Include conf.d/modsecurity.d/modsecurity_crs_35_bad_robots.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_40_generic_attacks.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_45_trojans.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_50_outbound.conf
-
-       # Search engines and other crawlers. Only useful if you want to track
-       # Google / Yahoo et. al.
-
-       # Include modsecurity.d/modsecurity_crs_55_marketing.conf
-
-       Include conf.d/modsecurity.d/modsecurity_crs_23_request_limits.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_converter.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_filters.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_41_sql_injection_attacks.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_41_xss_attacks.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_42_tight_security.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_47_common_exceptions.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_48_local_exceptions.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_49_enforcement.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf
-
-       # Optional rules
-
-       # Include conf.d/modsecurity.d/modsecurity_crs_40_experimental.conf
-       # Include conf.d/modsecurity.d/modsecurity_crs_42_comment_spam.conf
-       # Include conf.d/modsecurity.d/modsecurity_crs_46_et_sql_injection.conf
-       # Include conf.d/modsecurity.d/modsecurity_crs_46_et_web_rules.conf
-       # <IfModule mod_headers.c>
-       #       Include conf.d/modsecurity.d/modsecurity_crs_49_header_tagging.conf
-       # </IfModule>
-       # Include conf.d/modsecurity.d/modsecurity_crs_59_outbound_blocking.conf
-       # Include conf.d/modsecurity.d/modsecurity_crs_60_correlation.conf
-
-       # Put your local rules in here.
-
-       Include conf.d/modsecurity.d/modsecurity_localrules.conf
-
-       SecDataDir      /var/run/httpd
+       # ModSecurity Core Rules Set configuration
+
+       Include conf.d/modsecurity.d/*.conf
+       Include conf.d/modsecurity.d/activated_rules/*.conf
+
+       # Default recommended configuration
+       SecRuleEngine On
+       SecRequestBodyAccess On
+       SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+               "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+       SecRequestBodyLimit 13107200
+       SecRequestBodyNoFilesLimit 131072
+       SecRequestBodyInMemoryLimit 131072
+       SecRequestBodyLimitAction Reject
+       SecRule REQBODY_ERROR "!@eq 0" \
+               "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+       SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+               "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
+               failed strict validation: \
+               PE %{REQBODY_PROCESSOR_ERROR}, \
+               BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+               BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+               DB %{MULTIPART_DATA_BEFORE}, \
+               DA %{MULTIPART_DATA_AFTER}, \
+               HF %{MULTIPART_HEADER_FOLDING}, \
+               LF %{MULTIPART_LF_LINE}, \
+               SM %{MULTIPART_MISSING_SEMICOLON}, \
+               IQ %{MULTIPART_INVALID_QUOTING}, \
+               IP %{MULTIPART_INVALID_PART}, \
+               IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+               FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+       SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+               "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+       SecPcreMatchLimit 1000
+       SecPcreMatchLimitRecursion 1000
+
+       SecRule TX:/^MSC_/ "!@streq 0" \
+               "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+       SecResponseBodyAccess Off
+       SecDebugLog /var/log/httpd/modsec_debug.log
+       SecDebugLogLevel 0
+       SecAuditEngine RelevantOnly
+       SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+       SecAuditLogParts ABIJDEFHZ
+       SecAuditLogType Serial
+       SecAuditLog /var/log/httpd/modsec_audit.log
+       SecArgumentSeparator &
+       SecCookieFormat 0
+       SecTmpDir /var/lib/mod_security
+       SecDataDir /var/lib/mod_security
 </IfModule>
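Review bot: The two `deny` rules for multipart errors (ids 200002 and 200003) use `status:44`, which is not a valid HTTP status code; a triggered rule would make Apache emit a nonsensical or generic error instead of a clear rejection, so these should read `status:403` (or `status:400` to match rule 200001), e.g. `"id:'200003',phase:2,t:none,log,deny,status:403,msg:'Multipart parser detected a possible unmatched boundary.'"`. The same `44` typo was present in early copies of the upstream modsecurity.conf-recommended and was later corrected there, so this appears to be a copy-through rather than a deliberate value. Separately, `SecResponseBodyAccess Off` means any outbound/data-leakage rules pulled in through the new wildcard `Include conf.d/modsecurity.d/*.conf` will never see a response body; if outbound inspection is expected, add a comment saying it is intentionally disabled or set it to `On` with a `SecResponseBodyMimeType`/`SecResponseBodyLimit` pair. Because the wildcard includes now load in alphabetical order before the engine directives, the load order of CRS setup files versus rule files is no longer explicit and would be worth a one-line comment such as `# Files are loaded alphabetically; keep CRS setup files sorted before rule files.`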