SHARE
TWEET

ModSecurity2 settings for Apache BZ 61551

a guest Jan 3rd, 2018 81 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <IfModule mod_security2.c>
  2.     # Basic configuration options
  3.     SecRuleEngine On
  4.     SecRequestBodyAccess On
  5.     SecResponseBodyAccess Off
  6.  
  7.     # Debug log
  8.     SecDebugLog /var/log/httpd/modsec_debug.log
  9.     SecDebugLogLevel 0
  10.  
  11.     # Serial audit log
  12.     SecAuditEngine RelevantOnly
  13.     SecAuditLogRelevantStatus "^(?:5|4(?!04))"
  14.     SecAuditLogParts ABIJDEFHZ
  15.     SecAuditLogType Serial
  16.     SecAuditLog /var/log/httpd/modsec_audit.log
  17.  
  18.     # Maximum request body size we will
  19.     # accept for buffering
  20.     SecRequestBodyLimit 13107200
  21.  
  22.     # Up to 1MB for non-file requests and in-memory
  23.     SecRequestBodyNoFilesLimit 1048576
  24.     SecRequestBodyInMemoryLimit 1048576
  25.  
  26.     # Misc folders
  27.     SecTmpDir /var/lib/mod_security2
  28.     SecDataDir /var/lib/mod_security2
  29.  
  30.     # ModSecurity Core Rules Set and Local configuration
  31.     IncludeOptional modsecurity.d/*.conf
  32.     IncludeOptional modsecurity.d/activated_rules/*.conf
  33.     IncludeOptional modsecurity.d/local_rules/*.conf
  34.  
  35.     # Disable Status engine
  36.     SecStatusEngine Off
  37.  
  38.     # SlowLoris protection
  39.     # https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Advanced-Topic-of-the-Week--Mitigation-of--Slow-Read--Denial-of-Service-Attack/
  40.     SecRule RESPONSE_STATUS "@Streq 408" "phase:5,t:none,log,msg:'Counter +1',pass,setvar:ip.slow_dos_counter=+1, expirevar:ip.slow_dos_counter=60,id:'10'"
  41.     SecRule IP:SLOW_DOS_COUNTER "@gt 5" "phase:1,t:none,log,deny,msg:'Client Connection Dropped due to high number of slow DoS alerts',id:'11'"
  42.     SecDefaultAction "phase:1,pause:3000,drop,nolog,auditlog"
  43.  
  44.     # Slow Read protection
  45.     SecConnEngine On
  46.     SecConnWriteStateLimit 50
  47.     SecConnReadStateLimit 50
  48. </IfModule>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top