You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
|
##
|
|
|
|
|
## apache-security.conf -- Apache configuration for mod_security
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
LoadModule security2_module @l_prefix@/libexec/apache/mod_security.so
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# core rule sets
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
# include core rule sets
|
|
|
|
|
Include @l_prefix@/etc/apache-security/modsecurity_crs_*.conf
|
|
|
|
|
|
|
|
|
|
# remove rules of the core rule set which have been proven to trigger
|
|
|
|
|
# false positives, mostly because they are definied in an too generic
|
|
|
|
|
# way
|
|
|
|
|
SecRuleRemoveById 950907 \
|
|
|
|
|
960015
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# general configuration parameters
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
SecRuleEngine On
|
|
|
|
|
SecRequestBodyAccess On
|
|
|
|
|
SecResponseBodyAccess Off
|
|
|
|
|
|
|
|
|
|
SecDebugLog @l_prefix@/var/apache/log/security-debug.log
|
|
|
|
|
SecDebugLogLevel 0
|
|
|
|
|
|
|
|
|
|
SecAuditEngine RelevantOnly
|
|
|
|
|
SecAuditLogRelevantStatus ^5
|
|
|
|
|
SecAuditLogParts ABIFHZ
|
|
|
|
|
SecAuditLogType Serial
|
|
|
|
|
SecAuditLog @l_prefix@/var/apache/log/security-audit.log
|
|
|
|
|
|
|
|
|
|
SecRequestBodyLimit 131072
|
|
|
|
|
SecRequestBodyInMemoryLimit 131072
|
|
|
|
|
SecResponseBodyLimit 524288
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# data storages
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
SecDataDir @l_prefix@/var/apache-security/data
|
|
|
|
|
SecTmpDir @l_prefix@/var/apache-security/tmp
|
|
|
|
|
SecUploadDir @l_prefix@/var/apache-security/upload
|
|
|
|
|
SecUploadKeepFiles Off
|
|
|
|
|
|
