author | Petr Sumbera <petr.sumbera@oracle.com> |
Thu, 14 Mar 2013 13:45:44 -0700 | |
changeset 1212 | 207ff3b0329a |
child 2159 | 6169d700868d |
permissions | -rw-r--r-- |
1212
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
1 |
Customize conf file for Solaris. |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
2 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
3 |
--- modsecurity-apache_2.7.2/modsecurity.conf-recommended |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
4 |
+++ modsecurity-apache_2.7.2/modsecurity.conf-recommended |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
5 |
@@ -1,3 +1,13 @@ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
6 |
+ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
7 |
+<IfDefine 64bit> |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
8 |
+LoadModule security2_module libexec/64/mod_security2.so |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
9 |
+</IfDefine> |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
10 |
+<IfDefine !64bit> |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
11 |
+LoadModule security2_module libexec/mod_security2.so |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
12 |
+</IfDefine> |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
13 |
+ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
14 |
+<IfModule mod_security2.c> |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
15 |
+ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
16 |
# -- Rule engine initialization ---------------------------------------------- |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
17 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
18 |
# Enable ModSecurity, attaching it to every transaction. Use detection |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
19 |
@@ -129,13 +139,13 @@ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
20 |
# This default setting is chosen due to all systems have /tmp available however, |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
21 |
# this is less than ideal. It is recommended that you specify a location that's private. |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
22 |
# |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
23 |
-SecTmpDir /tmp/ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
24 |
+SecTmpDir /var/apache2/2.2/modsec/tmp/ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
25 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
26 |
# The location where ModSecurity will keep its persistent data. This default setting |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
27 |
# is chosen due to all systems have /tmp available however, it |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
28 |
# too should be updated to a place that other users can't access. |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
29 |
# |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
30 |
-SecDataDir /tmp/ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
31 |
+SecDataDir /var/apache2/2.2/modsec/tmp/ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
32 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
33 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
34 |
# -- File uploads handling configuration ------------------------------------- |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
35 |
@@ -144,7 +154,7 @@ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
36 |
# location must be private to ModSecurity. You don't want other users on |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
37 |
# the server to access the files, do you? |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
38 |
# |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
39 |
-#SecUploadDir /opt/modsecurity/var/upload/ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
40 |
+#SecUploadDir /var/apache2/2.2/modsec/upload/ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
41 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
42 |
# By default, only keep the files that were determined to be unusual |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
43 |
# in some way (by an external inspection script). For this to work you |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
44 |
@@ -164,7 +174,7 @@ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
45 |
# The default debug log configuration is to duplicate the error, warning |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
46 |
# and notice messages from the error log. |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
47 |
# |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
48 |
-#SecDebugLog /opt/modsecurity/var/log/debug.log |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
49 |
+#SecDebugLog /var/apache2/2.2/logs/modsec_debug.log |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
50 |
#SecDebugLogLevel 3 |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
51 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
52 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
53 |
@@ -184,10 +194,10 @@ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
54 |
# assumes that you will use the audit log only ocassionally. |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
55 |
# |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
56 |
SecAuditLogType Serial |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
57 |
-SecAuditLog /var/log/modsec_audit.log |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
58 |
+SecAuditLog /var/apache2/2.2/logs/modsec_audit.log |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
59 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
60 |
# Specify the path for concurrent audit logging. |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
61 |
-#SecAuditLogStorageDir /opt/modsecurity/var/audit/ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
62 |
+#SecAuditLogStorageDir /var/apache2/2.2/modsec/audit/ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
63 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
64 |
|
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
65 |
# -- Miscellaneous ----------------------------------------------------------- |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
66 |
@@ -211,3 +221,5 @@ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
67 |
# |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
68 |
#SecUnicodeCodePage 20127 |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
69 |
#SecUnicodeMapFile unicode.mapping |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
70 |
+ |
207ff3b0329a
16476497 Upgrade ModSecurity to version 2.7.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
71 |
+</IfModule> |