- updated config auto/th/apache-mod_security-2.7.3-2
authorJan Rękorajski <baggins@pld-linux.org>
Tue, 7 May 2013 17:56:23 +0000 (19:56 +0200)
committerJan Rękorajski <baggins@pld-linux.org>
Tue, 7 May 2013 17:56:23 +0000 (19:56 +0200)
- package private state dir
- rel 2

apache-mod_security.conf
apache-mod_security.spec

index 84332fa..3a905a6 100644 (file)
@@ -5,59 +5,57 @@
 LoadModule security2_module modules/mod_security2.so
 
 <IfModule mod_security2.c>
-       # This is the ModSecurity Core Rules Set.
-
-       # Basic configuration goes in here
-       Include conf.d/modsecurity.d/modsecurity.conf-minimal
-       Include conf.d/modsecurity.d/modsecurity_crs_10_config.conf
-
-       # Protocol violation and anomalies.
-
-       Include conf.d/modsecurity.d/modsecurity_crs_20_protocol_violations.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
-
-       # HTTP policy rules
-
-       Include conf.d/modsecurity.d/modsecurity_crs_30_http_policy.conf
-
-       # Here comes the Bad Stuff...
-
-       Include conf.d/modsecurity.d/modsecurity_crs_35_bad_robots.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_40_generic_attacks.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_45_trojans.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_50_outbound.conf
-
-       # Search engines and other crawlers. Only useful if you want to track
-       # Google / Yahoo et. al.
-
-       # Include modsecurity.d/modsecurity_crs_55_marketing.conf
-
-       Include conf.d/modsecurity.d/modsecurity_crs_23_request_limits.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_converter.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_filters.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_41_sql_injection_attacks.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_41_xss_attacks.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_42_tight_security.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_47_common_exceptions.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_48_local_exceptions.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_49_enforcement.conf
-       Include conf.d/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf
-
-       # Optional rules
-
-       # Include conf.d/modsecurity.d/modsecurity_crs_40_experimental.conf
-       # Include conf.d/modsecurity.d/modsecurity_crs_42_comment_spam.conf
-       # Include conf.d/modsecurity.d/modsecurity_crs_46_et_sql_injection.conf
-       # Include conf.d/modsecurity.d/modsecurity_crs_46_et_web_rules.conf
-       # <IfModule mod_headers.c>
-       #       Include conf.d/modsecurity.d/modsecurity_crs_49_header_tagging.conf
-       # </IfModule>
-       # Include conf.d/modsecurity.d/modsecurity_crs_59_outbound_blocking.conf
-       # Include conf.d/modsecurity.d/modsecurity_crs_60_correlation.conf
-
-       # Put your local rules in here.
-
-       Include conf.d/modsecurity.d/modsecurity_localrules.conf
-
-       SecDataDir      /var/run/httpd
+       # ModSecurity Core Rules Set configuration
+
+       Include conf.d/modsecurity.d/*.conf
+       Include conf.d/modsecurity.d/activated_rules/*.conf
+
+       # Default recommended configuration
+       SecRuleEngine On
+       SecRequestBodyAccess On
+       SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+               "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+       SecRequestBodyLimit 13107200
+       SecRequestBodyNoFilesLimit 131072
+       SecRequestBodyInMemoryLimit 131072
+       SecRequestBodyLimitAction Reject
+       SecRule REQBODY_ERROR "!@eq 0" \
+               "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+       SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+               "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
+               failed strict validation: \
+               PE %{REQBODY_PROCESSOR_ERROR}, \
+               BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+               BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+               DB %{MULTIPART_DATA_BEFORE}, \
+               DA %{MULTIPART_DATA_AFTER}, \
+               HF %{MULTIPART_HEADER_FOLDING}, \
+               LF %{MULTIPART_LF_LINE}, \
+               SM %{MULTIPART_MISSING_SEMICOLON}, \
+               IQ %{MULTIPART_INVALID_QUOTING}, \
+               IP %{MULTIPART_INVALID_PART}, \
+               IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+               FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+       SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+               "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+       SecPcreMatchLimit 1000
+       SecPcreMatchLimitRecursion 1000
+
+       SecRule TX:/^MSC_/ "!@streq 0" \
+               "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+       SecResponseBodyAccess Off
+       SecDebugLog /var/log/httpd/modsec_debug.log
+       SecDebugLogLevel 0
+       SecAuditEngine RelevantOnly
+       SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+       SecAuditLogParts ABIJDEFHZ
+       SecAuditLogType Serial
+       SecAuditLog /var/log/httpd/modsec_audit.log
+       SecArgumentSeparator &
+       SecCookieFormat 0
+       SecTmpDir /var/lib/mod_security
+       SecDataDir /var/lib/mod_security
 </IfModule>
index 3b2f486..e0c50f1 100644 (file)
@@ -4,7 +4,7 @@ Summary:        Apache module: securing web applications
 Summary(pl.UTF-8):     Moduł do apache: ochrona aplikacji WWW
 Name:          apache-mod_%{mod_name}
 Version:       2.7.3
-Release:       1
+Release:       2
 License:       GPL v2
 Group:         Networking/Daemons/HTTP
 Source0:       http://www.modsecurity.org/tarball/%{version}//modsecurity-apache_%{version}.tar.gz
@@ -57,13 +57,13 @@ This package contains the ModSecurity Audit Log Collector.
 
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{apachelibdir},%{apacheconfdir}} \
-       install -d $RPM_BUILD_ROOT{/var/log/mlogc/data,%{_bindir},%{_sysconfdir}}
+install -d $RPM_BUILD_ROOT{%{apachelibdir},%{apacheconfdir}/modsecurity.d} \
+       $RPM_BUILD_ROOT{/var/log/mlogc/data,%{_bindir},%{_sysconfdir}} \
+       $RPM_BUILD_ROOT/var/lib/%{name}
 
 install apache2/.libs/mod_%{mod_name}2.so $RPM_BUILD_ROOT%{apachelibdir}
 cp -a %{SOURCE1} $RPM_BUILD_ROOT%{apacheconfdir}/90_mod_%{mod_name}.conf
 
-install -d $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d/blocking
 cp -a modsecurity.conf-recommended $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d
 echo '# Drop your local rules in here.' > $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d/modsecurity_localrules.conf
 
@@ -89,6 +89,7 @@ fi
 %dir %{apacheconfdir}/modsecurity.d
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{apacheconfdir}/modsecurity.d/*.*
 %attr(755,root,root) %{apachelibdir}/*.so
+%attr(770,http,root) %dir /var/lib/%{name}
 
 %files -n mlogc
 %defattr(644,root,root,755)
This page took 0.157127 seconds and 4 git commands to generate.