2 # Basic configuration options
4 SecRequestBodyAccess On
5 SecResponseBodyAccess Off
7 # Handling of file uploads
8 # TODO Choose a folder private to Apache.
9 # SecUploadDir /opt/apache-frontend/tmp/
10 SecUploadKeepFiles Off
13 SecDebugLog logs/modsec_debug.log
17 SecAuditEngine RelevantOnly
18 SecAuditLogRelevantStatus ^5
19 SecAuditLogParts ABIFHZ
20 SecAuditLogType Serial
21 SecAuditLog logs/modsec_audit.log
23 # Maximum request body size we will
24 # accept for buffering
25 SecRequestBodyLimit 131072
27 # Store up to 128 KB in memory
28 SecRequestBodyInMemoryLimit 131072
30 # Buffer response bodies of up to
32 SecResponseBodyLimit 524288
34 # Verify that we've correctly processed the request body.
35 # As a rule of thumb, when failing to process a request body
36 # you should reject the request (when deployed in blocking mode)
37 # or log a high-severity alert (when deployed in detection-only mode).
38 SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
39 "phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
41 # By default be strict with what we accept in the multipart/form-data
42 # request body. If the rule below proves to be too strict for your
43 # environment consider changing it to detection-only. You are encouraged
44 # _not_ to remove it altogether.
45 SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
46 "phase:2,t:none,log,deny,msg:'Multipart request body \
47 failed strict validation: \
48 PE %{REQBODY_PROCESSOR_ERROR}, \
49 BQ %{MULTIPART_BOUNDARY_QUOTED}, \
50 BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
51 DB %{MULTIPART_DATA_BEFORE}, \
52 DA %{MULTIPART_DATA_AFTER}, \
53 HF %{MULTIPART_HEADER_FOLDING}, \
54 LF %{MULTIPART_LF_LINE}, \
55 SM %{MULTIPART_SEMICOLON_MISSING}, \
56 IQ %{MULTIPART_INVALID_QUOTING}'"
58 # Did we see anything that might be a boundary?
59 SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
60 "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
projects / libapache-mod-security.git / blob