components/apache2-modules/mod_security2/security2.conf
branchs11-update
changeset 2599 1f79ee48ae83
parent 2598 632ab7e51cae
child 2600 9fb5ff186455
     1 
       
     2 <IfDefine 64bit>
       
     3 LoadModule security2_module libexec/64/mod_security2.so
       
     4 </IfDefine>
       
     5 <IfDefine !64bit>
       
     6 LoadModule security2_module libexec/mod_security2.so
       
     7 </IfDefine>
       
     8 
       
     9 <IfModule mod_security2.c>
       
    10 
       
    11 # Basic configuration options
       
    12 SecRuleEngine On
       
    13 SecRequestBodyAccess On
       
    14 SecResponseBodyAccess Off
       
    15 
       
    16 # Handling of file uploads
       
    17 # TODO Choose a folder private to Apache.
       
    18 # SecUploadDir /opt/apache-frontend/tmp/
       
    19 SecUploadKeepFiles Off
       
    20 
       
    21 # Debug log
       
    22 SecDebugLog /var/apache2/2.2/logs/modsec_debug.log
       
    23 SecDebugLogLevel 0
       
    24 
       
    25 # Serial audit log
       
    26 SecAuditEngine RelevantOnly
       
    27 SecAuditLogRelevantStatus ^5
       
    28 SecAuditLogParts ABIFHZ
       
    29 SecAuditLogType Serial
       
    30 SecAuditLog /var/apache2/2.2/logs/modsec_audit.log
       
    31 
       
    32 # Maximum request body size we will
       
    33 # accept for buffering
       
    34 SecRequestBodyLimit 131072
       
    35 
       
    36 # Store up to 128 KB in memory
       
    37 SecRequestBodyInMemoryLimit 131072
       
    38 
       
    39 # Buffer response bodies of up to
       
    40 # 512 KB in length
       
    41 SecResponseBodyLimit 524288
       
    42 
       
    43 # Verify that we've correctly processed the request body.
       
    44 # As a rule of thumb, when failing to process a request body
       
    45 # you should reject the request when deployed in blocking mode
       
    46 # or log a high-severity alert when deployed in detection-only mode.
       
    47 SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" "phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
       
    48 
       
    49 # By default be strict with what we accept in the multipart/form-data
       
    50 # request body. If the rule below proves to be too strict for your
       
    51 # environment consider changing it to detection-only. You are encouraged
       
    52 # _not_ to remove it altogether.
       
    53 SecRule MULTIPART_STRICT_ERROR "!@eq 0" "phase:2,t:none,log,deny,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}'"
       
    54 
       
    55 # Did we see anything that might be a boundary?
       
    56 SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
       
    57 
       
    58 SecRule REQUEST_URI "sfw" "deny"
       
    59 </IfModule>
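Review bot: The catch-all `SecRule REQUEST_URI "sfw" "deny"` on file line 58 denies any request whose URI merely contains the substring "sfw", with no phase, message or comment explaining it, so it reads like a leftover test rule that will block legitimate URLs (any path containing "sfw", e.g. "/newsfwd") and will be hard to attribute in the logs. If it is meant as a smoke test for the module, anchor it to an explicit path and label it, e.g. `SecRule REQUEST_URI "@streq /modsec-test" "phase:1,t:none,log,deny,msg:'ModSecurity smoke test'"`, otherwise drop it before this ships as a default configuration. Note also that `SecAuditLogRelevantStatus ^5` audits by status only 5xx responses; the deny rules above are presumably still audited because they inherit `log`, but 403/4xx responses produced elsewhere will not be, so `^(?:5|4(?!04))` is the more usual choice if that coverage is intended. Finally, mod_security2 2.7 and later require an `id:` action on every SecRule, so if the packaged module is at that level these rules will fail to load — worth confirming against the shipped version.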