# --------------------------------------------------------------- # Core ModSecurity Rule Set ver.2.0.3 # Copyright (C) 2006-2009 Breach Security Inc. All rights reserved. # # The ModSecuirty Core Rule Set is distributed under GPL version 2 # Please see the enclosed LICENCE file for full details. # --------------------------------------------------------------- # Configuration contained in this file should be included # in the MAIN Apache config section as these directives # can not be included within Virtual Host containers. # # Set web server identification string # # If you want to spoof another web server type, you can specify it like this - # # SecServerSignature "Microsoft-IIS/6.0" # or # SecServerSignature "Sun-ONE-Web-Server/6.1" # # Spoofing the Server token data is considered by some to be "Security by Obscurity" # and that may be true when it is the *only* security measure taken. There is # a security benefit, however, with changing this data and that is to help # protect against automated banner-grabbing tools, exploit code and worms that # decide to send the attack payload based on the target platform data in the # Server token. # # For this directive to work, you need to set Apache ServerTokens # to Full (this is the default option) # # The default setting is to server a blank Server banner SecServerSignature " " # Add ruleset identity to the logs # SecComponentSignature "core ruleset/2.0.3" # Parameters separator # # Specifies which character to use as separator for # application/x-www-form-urlencoded content. # Defaults to "&". Applications are sometimes (very rarely) written to use # a semicolon (";"). # # NOTE Changing the value for this directive has significant influence on how # ModSecurity works. Make the change only if you are absolutely sure it # is required. SecArgumentSeparator "&" # Path where persistent data (e.g. IP address data, session data, etc) is to # be stored. Must be writable by the web server user. # # TODO It is advisable to create a directory structure for ModSecurity such as # /var/log/msa and create sub directories for SecDataDir, SecTmpDir, # SecUploadDir, SecAuditLog and SecAuditLogStorageDir # underneath it and set the permission for read and write only by the # Apache user. SecDataDir /tmp # Create both Global and IP collections for rules to use SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}"