Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- SecRuleEngine On
- SecRequestBodyAccess On
- SecRule REQUEST_HEADERS:Content-Type "text/xml" \
- "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
- SecRequestBodyLimit 1048576000
- SecRequestBodyNoFilesLimit 73400320
- SecRequestBodyInMemoryLimit 1048576
- SecRequestBodyLimitAction Reject
- SecPcreMatchLimit 500000
- SecPcreMatchLimitRecursion 500000
- SecRule TX:/^MSC_/ "!@streq 0" \
- "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
- SecResponseBodyAccess On
- SecResponseBodyMimeType text/plain text/html text/xml
- SecResponseBodyLimit 1048576
- SecResponseBodyLimitAction ProcessPartial
- SecTmpDir "C:\inetpub\temp\modsec\"
- SecDataDir "C:\inetpub\temp\modsec\"
- SecUploadDir "C:\inetpub\temp\modsec\"
- SecUploadKeepFiles RelevantOnly
- SecUploadFileMode 0640
- SecAuditEngine On
- SecStatusEngine On
- SecAuditLogParts ABIJKEFHZ
- SecAuditLogType Serial
- SecAuditLog "| C:\Windows\System32\inetsrv\mlogc.exe C:\Windows\System32\inetsrv\mlogc.conf"
- SecAuditLogStorageDir "C:\inetpub\logs\audit"
- SecArgumentSeparator &
- SecCookieFormat 0
- SecDefaultAction "phase:2,log,deny,status:403"
- SecRule REQUEST_BODY "(?:/etc/passwd|/etc/shadow|/proc/self/environ|uname -a|uname -r)"
- "phase:2,t:none,t:lowercase,log,deny,id:'99001',msg:'Custom Rules - Command execution attack'"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement