Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/apache2-modules/mod_security2/security2.conf
changeset 1212 207ff3b0329a
parent 1211 72f88619e71d
child 1213 389fa144ba08 
--- a/components/apache2-modules/mod_security2/security2.conf	Thu Mar 14 13:30:55 2013 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-
-<IfDefine 64bit>
-LoadModule security2_module libexec/64/mod_security2.so
-</IfDefine>
-<IfDefine !64bit>
-LoadModule security2_module libexec/mod_security2.so
-</IfDefine>
-
-<IfModule mod_security2.c>
-
-# Basic configuration options
-SecRuleEngine On
-SecRequestBodyAccess On
-SecResponseBodyAccess Off
-
-# Handling of file uploads
-# TODO Choose a folder private to Apache.
-# SecUploadDir /opt/apache-frontend/tmp/
-SecUploadKeepFiles Off
-
-# Debug log
-SecDebugLog /var/apache2/2.2/logs/modsec_debug.log
-SecDebugLogLevel 0
-
-# Serial audit log
-SecAuditEngine RelevantOnly
-SecAuditLogRelevantStatus ^5
-SecAuditLogParts ABIFHZ
-SecAuditLogType Serial
-SecAuditLog /var/apache2/2.2/logs/modsec_audit.log
-
-# Maximum request body size we will
-# accept for buffering
-SecRequestBodyLimit 131072
-
-# Store up to 128 KB in memory
-SecRequestBodyInMemoryLimit 131072
-
-# Buffer response bodies of up to
-# 512 KB in length
-SecResponseBodyLimit 524288
-
-# Verify that we've correctly processed the request body.
-# As a rule of thumb, when failing to process a request body
-# you should reject the request when deployed in blocking mode
-# or log a high-severity alert when deployed in detection-only mode.
-SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" "phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
-
-# By default be strict with what we accept in the multipart/form-data
-# request body. If the rule below proves to be too strict for your
-# environment consider changing it to detection-only. You are encouraged
-# _not_ to remove it altogether.
-SecRule MULTIPART_STRICT_ERROR "!@eq 0" "phase:2,t:none,log,deny,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}'"
-
-# Did we see anything that might be a boundary?
-SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
-
-SecRule REQUEST_URI "sfw" "deny"
-</IfModule>
upstream/oracle/userland-gate