Guest User

ModSecurity2 settings for Apache BZ 61551

a guest
Jan 3rd, 2018
119
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <IfModule mod_security2.c>
  2. # Basic configuration options
  3. SecRuleEngine On
  4. SecRequestBodyAccess On
  5. SecResponseBodyAccess Off
  6.  
  7. # Debug log
  8. SecDebugLog /var/log/httpd/modsec_debug.log
  9. SecDebugLogLevel 0
  10.  
  11. # Serial audit log
  12. SecAuditEngine RelevantOnly
  13. SecAuditLogRelevantStatus "^(?:5|4(?!04))"
  14. SecAuditLogParts ABIJDEFHZ
  15. SecAuditLogType Serial
  16. SecAuditLog /var/log/httpd/modsec_audit.log
  17.  
  18. # Maximum request body size we will
  19. # accept for buffering
  20. SecRequestBodyLimit 13107200
  21.  
  22. # Up to 1MB for non-file requests and in-memory
  23. SecRequestBodyNoFilesLimit 1048576
  24. SecRequestBodyInMemoryLimit 1048576
  25.  
  26. # Misc folders
  27. SecTmpDir /var/lib/mod_security2
  28. SecDataDir /var/lib/mod_security2
  29.  
  30. # ModSecurity Core Rules Set and Local configuration
  31. IncludeOptional modsecurity.d/*.conf
  32. IncludeOptional modsecurity.d/activated_rules/*.conf
  33. IncludeOptional modsecurity.d/local_rules/*.conf
  34.  
  35. # Disable Status engine
  36. SecStatusEngine Off
  37.  
  38. # SlowLoris protection
  39. # https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Advanced-Topic-of-the-Week--Mitigation-of--Slow-Read--Denial-of-Service-Attack/
  40. SecRule RESPONSE_STATUS "@Streq 408" "phase:5,t:none,log,msg:'Counter +1',pass,setvar:ip.slow_dos_counter=+1, expirevar:ip.slow_dos_counter=60,id:'10'"
  41. SecRule IP:SLOW_DOS_COUNTER "@gt 5" "phase:1,t:none,log,deny,msg:'Client Connection Dropped due to high number of slow DoS alerts',id:'11'"
  42. SecDefaultAction "phase:1,pause:3000,drop,nolog,auditlog"
  43.  
  44. # Slow Read protection
  45. SecConnEngine On
  46. SecConnWriteStateLimit 50
  47. SecConnReadStateLimit 50
  48. </IfModule>
RAW Paste Data