Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # cat modsecurity.conf | grep -v '^#' | grep -v '^$'
- SecRuleEngine DetectionOnly
- SecRequestBodyAccess On
- SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
- "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
- SecRule REQUEST_HEADERS:Content-Type "application/json" \
- "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
- SecRequestBodyLimit 13107200
- SecRequestBodyNoFilesLimit 131072
- SecRequestBodyInMemoryLimit 131072
- SecRequestBodyLimitAction Reject
- SecRule REQBODY_ERROR "!@eq 0" \
- "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
- SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
- "id:'200003',phase:2,t:none,log,deny,status:400, \
- msg:'Multipart request body failed strict validation: \
- PE %{REQBODY_PROCESSOR_ERROR}, \
- BQ %{MULTIPART_BOUNDARY_QUOTED}, \
- BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
- DB %{MULTIPART_DATA_BEFORE}, \
- DA %{MULTIPART_DATA_AFTER}, \
- HF %{MULTIPART_HEADER_FOLDING}, \
- LF %{MULTIPART_LF_LINE}, \
- SM %{MULTIPART_MISSING_SEMICOLON}, \
- IQ %{MULTIPART_INVALID_QUOTING}, \
- IP %{MULTIPART_INVALID_PART}, \
- IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
- FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
- SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
- "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
- SecPcreMatchLimit 100000
- SecPcreMatchLimitRecursion 100000
- SecRule TX:/^MSC_/ "!@streq 0" \
- "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
- SecResponseBodyAccess Off
- SecResponseBodyMimeType text/plain text/html text/xml
- SecResponseBodyLimit 524288
- SecResponseBodyLimitAction ProcessPartial
- SecTmpDir /tmp/
- SecDataDir /tmp/
- SecDebugLog /var/log/apache2/modsecurity-debug.log
- SecDebugLogLevel 3
- SecAuditEngine RelevantOnly
- SecAuditLogRelevantStatus "^(?:5|4(?!04|10|51))"
- SecAuditLogParts ABDEFHIJKZ
- SecAuditLogType Serial
- SecAuditLog /var/log/apache2/modsec_audit.log
- SecArgumentSeparator &
- SecCookieFormat 0
- SecUnicodeMapFile unicode.mapping 20127
- SecStatusEngine On
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement