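# mod_security2 configuration for Apache httpd 2.2
#
# Loads the ModSecurity 2 module (32- or 64-bit build selected via the
# "64bit" define) and enables a minimal set of request-body sanity rules.
#
# Every SecRule carries an "id:" action. ModSecurity 2.7 and later refuse
# to load a rule without an id; earlier 2.x releases accept it as optional
# metadata, so this is backward compatible. The ids used here (200001-200004)
# are chosen locally for this file -- keep them unique across every rule set
# this server loads.

<IfDefine 64bit>
LoadModule security2_module libexec/64/mod_security2.so
</IfDefine>
<IfDefine !64bit>
LoadModule security2_module libexec/mod_security2.so
</IfDefine>

<IfModule mod_security2.c>

# Basic configuration options
# Rule engine is in blocking mode: "deny" actions below return an error
# to the client rather than only logging.
SecRuleEngine On
SecRequestBodyAccess On
# Response bodies are not inspected; SecResponseBodyLimit below only
# applies if this is switched to On.
SecResponseBodyAccess Off

# Handling of file uploads
# TODO Choose a folder private to Apache.
# SecUploadDir /opt/apache-frontend/tmp/
SecUploadKeepFiles Off

# Debug log
# Level 0 disables debug output; raise it only temporarily while
# troubleshooting, as higher levels are verbose and slow.
SecDebugLog /var/apache2/2.2/logs/modsec_debug.log
SecDebugLogLevel 0

# Serial audit log
# RelevantOnly writes a transaction when a rule matched (rules log to the
# audit log by default) or when the response status matches the pattern
# below. With "^5" only 5xx responses are logged by status; 4xx responses
# that did not come from a rule match are not audited.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial
SecAuditLog /var/apache2/2.2/logs/modsec_audit.log

# Maximum request body size we will
# accept for buffering (128 KB); larger bodies are rejected.
SecRequestBodyLimit 131072

# Store up to 128 KB in memory
SecRequestBodyInMemoryLimit 131072

# Buffer response bodies of up to
# 512 KB in length (only effective with SecResponseBodyAccess On)
SecResponseBodyLimit 524288

# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request when deployed in blocking mode
# or log a high-severity alert when deployed in detection-only mode.
# NOTE(review): REQBODY_PROCESSOR_ERROR is the variable name used by the
# ModSecurity 2.5-era reference config; newer 2.x releases document
# REQBODY_ERROR -- confirm against the installed version.
SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" "id:200001,phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"

# By default be strict with what we accept in the multipart/form-data
# request body. If the rule below proves to be too strict for your
# environment consider changing it to detection-only. You are encouraged
# _not_ to remove it altogether.
SecRule MULTIPART_STRICT_ERROR "!@eq 0" "id:200003,phase:2,t:none,log,deny,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}'"

# Did we see anything that might be a boundary?
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "id:200004,phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"

# Site-specific URI block.
# The operator defaults to @rx, so "sfw" is a case-sensitive regex matched
# anywhere in REQUEST_URI: any path or query string containing that
# substring is denied (HTTP 403). The original rule had no phase, no
# message and no id; phase:2 is the engine default and is made explicit
# here, and the msg makes the resulting denials identifiable in the logs.
# NOTE(review): this looks like a test or placeholder rule -- confirm it is
# intended for production before relying on it.
SecRule REQUEST_URI "sfw" "id:200002,phase:2,t:none,log,deny,msg:'Request URI matched site-specific block pattern.'"
</IfModule>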