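<IfModule mod_security2.c>
    # ModSecurity 2.x base configuration: blocking engine, serial audit log,
    # request-body limits, rule-set includes, and rate-based handling of
    # slow-request (Slowloris / slow-read) clients.

    # Basic configuration options
    # Rules are enforced (not DetectionOnly). Request bodies are buffered and
    # inspected; response bodies are not buffered, so RESPONSE_BODY is empty.
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess Off
    # NOTE(review): nothing in this file rejects requests whose body failed to
    # parse (REQBODY_ERROR); confirm one of the included files does.

    # Debug log
    # Level 0 disables debug output; raise it only temporarily, because higher
    # levels can write request data to this file.
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 0

    # Serial audit log
    # Only transactions that matched a rule, or whose status is 5xx or 4xx
    # other than 404, are written to the audit log.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    # Part E (response body) stays empty while SecResponseBodyAccess is Off.
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    # The audit log holds request headers and bodies (possibly credentials and
    # session tokens); keep the file readable only by administrators.
    SecAuditLog /var/log/httpd/modsec_audit.log

    # Maximum request body size we will
    # accept for buffering (13107200 bytes = 12.5 MiB, file uploads included)
    SecRequestBodyLimit 13107200
    # Up to 1MB for non-file requests and in-memory
    SecRequestBodyNoFilesLimit 1048576
    SecRequestBodyInMemoryLimit 1048576

    # Misc folders
    # SecDataDir stores the persistent collections (including the ip.*
    # counter used below) and must be writable by the Apache user only.
    SecTmpDir /var/lib/mod_security2
    SecDataDir /var/lib/mod_security2

    # ModSecurity Core Rules Set and Local configuration
    IncludeOptional modsecurity.d/*.conf
    IncludeOptional modsecurity.d/activated_rules/*.conf
    IncludeOptional modsecurity.d/local_rules/*.conf

    # Disable Status engine
    SecStatusEngine Off

    # SlowLoris protection
    # https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Advanced-Topic-of-the-Week--Mitigation-of--Slow-Read--Denial-of-Service-Attack/
    # Rule 10 counts 408 responses per client for 60 seconds; rule 11 acts
    # once a client has accumulated more than 5 of them.
    # NOTE(review): both rules use the IP collection, which exists only after
    # a phase:1 initcol:ip=%{REMOTE_ADDR}. This file has none; confirm one of
    # the included files provides it, otherwise the counter never persists.
    # NOTE(review): 408 is returned only when Apache times a request out
    # (e.g. via mod_reqtimeout); confirm such a timeout is configured.
    SecRule RESPONSE_STATUS "@streq 408" "phase:5,t:none,log,msg:'Counter +1',pass,setvar:ip.slow_dos_counter=+1,expirevar:ip.slow_dos_counter=60,id:'10'"
    # Uses drop rather than deny so the connection is closed, as the message
    # states, instead of writing a 403 response to a slow client.
    SecRule IP:SLOW_DOS_COUNTER "@gt 5" "phase:1,t:none,log,drop,msg:'Client Connection Dropped due to high number of slow DoS alerts',id:'11'"

    # Applies only to phase:1 rules defined after this line in this context;
    # rules 10 and 11 and the included rule files above are not affected.
    # NOTE(review): pause:3000 holds an Apache worker for 3 seconds per match,
    # which works against DoS resilience; confirm this is intended.
    SecDefaultAction "phase:1,pause:3000,drop,nolog,auditlog"

    # Slow Read protection
    # Limits how many connections a single IP address may hold in the write
    # (SERVER_BUSY_WRITE) and read (SERVER_BUSY_READ) states. Many users
    # behind one NAT or proxy address share the same limit of 50.
    # NOTE(review): later 2.x releases document these limits as
    # SecWriteStateLimit / SecReadStateLimit; check the installed version.
    SecConnEngine On
    SecConnWriteStateLimit 50
    SecConnReadStateLimit 50
</IfModule>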