# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.0.3
# Copyright (C) 2006-2009 Breach Security Inc. All rights reserved.
#
# The ModSecurity Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------

# Configuration contained in this file should be included
# in the MAIN Apache config section as these directives
# can not be included within Virtual Host containers.

# Set web server identification string
#
# If you want to spoof another web server type, you can specify it like this -
#
# SecServerSignature "Microsoft-IIS/6.0"
#
# SecServerSignature "Sun-ONE-Web-Server/6.1"
#
# Spoofing the Server token data is considered by some to be "Security by Obscurity",
# and that may be true when it is the *only* security measure taken. There is
# a security benefit, however, in changing this data: it helps
# protect against automated banner-grabbing tools, exploit code and worms that
# decide to send the attack payload based on the target platform data in the
#
# For this directive to work, you need to set Apache ServerTokens
# to Full (this is the default option)
#
# The default setting is to serve a blank Server banner
SecServerSignature " "

# Add ruleset identity to the logs
#
SecComponentSignature "core ruleset/2.0.3"

# Parameters separator
#
# Specifies which character to use as separator for
# application/x-www-form-urlencoded content.
# Defaults to "&". Applications are sometimes (very rarely) written to use
#
# NOTE Changing the value for this directive has significant influence on how
# ModSecurity works. Make the change only if you are absolutely sure it
SecArgumentSeparator "&"
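Why the separator has "significant influence": ModSecurity can only inspect parameters it can delimit, and if the application splits form bodies on a different character than the WAF, the two disagree about which parameters exist. The following is an added example, not CRS or ModSecurity code; its small form-body parser and the sample body are constructed for the demonstration.

```python
"""Added example (not CRS or ModSecurity code): why SecArgumentSeparator matters.

A WAF can only inspect the parameters it can delimit. If the application
splits application/x-www-form-urlencoded bodies on a different character
than the WAF, the two disagree about which parameters exist. The sample
body below is constructed for the demonstration.
"""
from urllib.parse import unquote_plus


def parse_form_body(body, separator="&"):
    """Split a form body into (name, value) pairs on `separator`.

    Plays the role of either the WAF's or the application's body parser;
    the separator character is the only thing that differs between them.
    A chunk without '=' becomes a name with an empty value.
    """
    pairs = []
    for chunk in body.split(separator):
        if chunk == "":
            continue
        name, _, value = chunk.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def hidden_params(body, waf_sep, app_sep):
    """Parameter names the application will see but the WAF will not.

    Rules that target a named argument (ARGS:role), ARGS_NAMES, or that
    count arguments are blind to these. The bytes are still present inside
    some other parameter's value, so a blanket regex over ARGS may still
    match, but nothing keyed on the parameter name will.
    """
    waf_names = {name for name, _ in parse_form_body(body, waf_sep)}
    app_names = {name for name, _ in parse_form_body(body, app_sep)}
    return sorted(app_names - waf_names)


if __name__ == "__main__":
    # Constructed body: the application uses ';' as its separator (the rare
    # case the comment above mentions) while ModSecurity was left at '&'.
    body = "user=alice;role=admin&remember=1"
    print("WAF sees: ", parse_form_body(body, "&"))
    print("App sees: ", parse_form_body(body, ";"))
    print("Invisible to the WAF:", hidden_params(body, waf_sep="&", app_sep=";"))
```

The fix is to set SecArgumentSeparator to exactly the character the protected application uses, and nothing else; the warning above stands because a wrong value changes argument parsing for every rule in the set, in both directions (a WAF splitting on ";" in front of an "&" application invents parameters that the application never sees).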

# Path where persistent data (e.g. IP address data, session data, etc) is to
# be stored. Must be writable by the web server user.
#
# TODO It is advisable to create a directory structure for ModSecurity such as
# /var/log/msa and create subdirectories for SecDataDir, SecTmpDir,
# SecUploadDir, SecAuditLog and SecAuditLogStorageDir
# underneath it and set the permission for read and write only by the

# Create both Global and IP collections for rules to use
SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}"
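The directory layout the TODO above describes, as an added example (not CRS or ModSecurity code): it creates the base directory and one subdirectory per directive with mode 0700, the audit log file with 0600, optionally chowns everything to the web server user, verifies nothing is group- or world-accessible, and prints the directives to paste into the main Apache config. The base path (/var/log/msa in the comment) and owning user are parameters, and `demo()` uses a temporary directory with `owner=None` so it can be run unprivileged; the /var/log/msa and www-data values are assumptions.

```python
"""Added example (not CRS or ModSecurity code): lay out the ModSecurity
data directories the TODO above describes, restricted to the web server
user, and print the directives that point at them.

Assumptions: a Unix host; the base path (/var/log/msa in the comment) and
the owning user are parameters so the functions can be exercised in a temp
directory as an unprivileged user (owner=None skips chown).
"""
import os
import pwd
import stat
import tempfile

# Directive -> subdirectory under the base path. SecAuditLog is a file and
# is handled separately below.
SUBDIRS = {
    "SecDataDir": "data",
    "SecTmpDir": "tmp",
    "SecUploadDir": "upload",
    "SecAuditLogStorageDir": "audit",
}


def create_modsec_tree(base, owner=None):
    """Create base and its subdirectories with mode 0700 and the audit log
    file with 0600; chown everything to `owner` if given.
    Returns {directive: path}."""
    uid = gid = -1
    if owner is not None:
        pw = pwd.getpwnam(owner)  # needs root to chown to another user
        uid, gid = pw.pw_uid, pw.pw_gid

    paths = {}
    os.makedirs(base, mode=0o700, exist_ok=True)
    os.chmod(base, 0o700)  # makedirs applies the umask, so set the mode explicitly
    for directive, sub in SUBDIRS.items():
        path = os.path.join(base, sub)
        os.makedirs(path, mode=0o700, exist_ok=True)
        os.chmod(path, 0o700)
        paths[directive] = path

    audit_log = os.path.join(base, "audit.log")
    with open(audit_log, "a"):
        pass  # create if missing, never truncate an existing log
    os.chmod(audit_log, 0o600)
    paths["SecAuditLog"] = audit_log

    if owner is not None:
        for path in [base] + list(paths.values()):
            os.chown(path, uid, gid)
    return paths


def permission_problems(paths):
    """Return entries that are readable or writable by group or others."""
    problems = []
    for directive, path in paths.items():
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            problems.append(f"{directive}: {path} has mode {mode:04o}")
    return problems


def directives(paths):
    """Render the lines to put in the main Apache config section."""
    return [f'{directive} "{path}"' for directive, path in paths.items()]


def demo(base=None, owner=None):
    """Build the tree (in a fresh temp dir if no base is given), verify it,
    and return (paths, problems, directive_lines)."""
    if base is None:
        base = os.path.join(tempfile.mkdtemp(), "msa")
    paths = create_modsec_tree(base, owner)
    return paths, permission_problems(paths), directives(paths)


if __name__ == "__main__":
    # Real deployment, as root: create_modsec_tree("/var/log/msa", owner="www-data")
    paths, problems, lines = demo()
    print("\n".join(lines))
    print("permission problems:", problems or "none")
```

The web server user must own these paths because ModSecurity writes collections, temporary files and audit data as that user, and nobody else should be able to read them: SecUploadDir and the audit log hold raw request bodies, which routinely contain credentials and session tokens. Re-run `permission_problems()` after any packaging or log-rotation change, since those are the usual ways the modes get loosened.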