- # This is the ModSecurity Core Rules Set.
-
- # Basic configuration goes in here
- Include conf.d/modsecurity.d/modsecurity.conf-minimal
- Include conf.d/modsecurity.d/modsecurity_crs_10_config.conf
-
- # Protocol violation and anomalies.
-
- Include conf.d/modsecurity.d/modsecurity_crs_20_protocol_violations.conf
- Include conf.d/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
-
- # HTTP policy rules
-
- Include conf.d/modsecurity.d/modsecurity_crs_30_http_policy.conf
-
- # Here comes the Bad Stuff...
-
- Include conf.d/modsecurity.d/modsecurity_crs_35_bad_robots.conf
- Include conf.d/modsecurity.d/modsecurity_crs_40_generic_attacks.conf
- Include conf.d/modsecurity.d/modsecurity_crs_45_trojans.conf
- Include conf.d/modsecurity.d/modsecurity_crs_50_outbound.conf
-
- # Search engines and other crawlers. Only useful if you want to track
- # Google / Yahoo et. al.
-
- # Include modsecurity.d/modsecurity_crs_55_marketing.conf
-
- Include conf.d/modsecurity.d/modsecurity_crs_23_request_limits.conf
- Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_converter.conf
- Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_filters.conf
- Include conf.d/modsecurity.d/modsecurity_crs_41_sql_injection_attacks.conf
- Include conf.d/modsecurity.d/modsecurity_crs_41_xss_attacks.conf
- Include conf.d/modsecurity.d/modsecurity_crs_42_tight_security.conf
- Include conf.d/modsecurity.d/modsecurity_crs_47_common_exceptions.conf
- Include conf.d/modsecurity.d/modsecurity_crs_48_local_exceptions.conf
- Include conf.d/modsecurity.d/modsecurity_crs_49_enforcement.conf
- Include conf.d/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf
-
- # Optional rules
-
- # Include conf.d/modsecurity.d/modsecurity_crs_40_experimental.conf
- # Include conf.d/modsecurity.d/modsecurity_crs_42_comment_spam.conf
- # Include conf.d/modsecurity.d/modsecurity_crs_46_et_sql_injection.conf
- # Include conf.d/modsecurity.d/modsecurity_crs_46_et_web_rules.conf
- # <IfModule mod_headers.c>
- # Include conf.d/modsecurity.d/modsecurity_crs_49_header_tagging.conf
- # </IfModule>
- # Include conf.d/modsecurity.d/modsecurity_crs_59_outbound_blocking.conf
- # Include conf.d/modsecurity.d/modsecurity_crs_60_correlation.conf
-
- # Put your local rules in here.
-
- Include conf.d/modsecurity.d/modsecurity_localrules.conf
-
- SecDataDir /var/run/httpd
+ # ModSecurity Core Rules Set configuration
+
+ Include conf.d/modsecurity.d/*.conf
+ Include conf.d/modsecurity.d/activated_rules/*.conf
+
+ # Default recommended configuration
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRequestBodyLimit 13107200
+ SecRequestBodyNoFilesLimit 131072
+ SecRequestBodyInMemoryLimit 131072
+ SecRequestBodyLimitAction Reject
+ SecRule REQBODY_ERROR "!@eq 0" \
+ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+ "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
+ failed strict validation: \
+ PE %{REQBODY_PROCESSOR_ERROR}, \
+ BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+ DB %{MULTIPART_DATA_BEFORE}, \
+ DA %{MULTIPART_DATA_AFTER}, \
+ HF %{MULTIPART_HEADER_FOLDING}, \
+ LF %{MULTIPART_LF_LINE}, \
+ SM %{MULTIPART_MISSING_SEMICOLON}, \
+ IQ %{MULTIPART_INVALID_QUOTING}, \
+ IP %{MULTIPART_INVALID_PART}, \
+ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+ SecPcreMatchLimit 1000
+ SecPcreMatchLimitRecursion 1000
+
+ SecRule TX:/^MSC_/ "!@streq 0" \
+ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+ SecResponseBodyAccess Off
+ SecDebugLog /var/log/httpd/modsec_debug.log
+ SecDebugLogLevel 0
+ SecAuditEngine RelevantOnly
+ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+ SecAuditLogParts ABIJDEFHZ
+ SecAuditLogType Serial
+ SecAuditLog /var/log/httpd/modsec_audit.log
+ SecArgumentSeparator &
+ SecCookieFormat 0
+ SecTmpDir /var/lib/mod_security
+ SecDataDir /var/lib/mod_security
projects / packages / apache-mod_security.git / commitdiff