<IfModule mod_security2.c>
# ModSecurity Core Rules Set configuration
#
# Everything in this file is only active when mod_security2 is loaded.
# Rule files are pulled in from <%= @modsec_dir %> and its activated_rules/
# subdirectory: any *.conf written into those directories is loaded into
# the server, so they should be writable by root only (directory ownership
# and permissions are not managed by this template).
# IncludeOptional (Apache >= 2.4) tolerates a glob that matches no files;
# the plain Include form is used for older releases.
<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%>
IncludeOptional <%= @modsec_dir %>/*.conf
IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf
<%- else -%>
Include <%= @modsec_dir %>/*.conf
Include <%= @modsec_dir %>/activated_rules/*.conf
<%- end -%>

# Default recommended configuration
# Engine mode comes from the Puppet parameter modsec_secruleengine
# (On = block, DetectionOnly = log only, Off = disabled).
SecRuleEngine <%= @modsec_secruleengine %>
# Request bodies must be buffered for any body-inspecting rule to fire.
SecRequestBodyAccess On
# Route XML request bodies to the XML body processor. "text/xml" is an
# unanchored @rx match applied after lowercasing, so application/xml and
# application/soap+xml are not covered — presumably intentional; the
# upstream recommended rule uses a broader regex. Confirm before relying
# on XML rules for those content types.
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Body size limits: 13107200 bytes (12.5 MiB) including file uploads,
# 131072 bytes (128 KiB) for bodies without files, and 128 KiB kept in
# memory before spilling to SecTmpDir. Oversize requests are rejected
# (413) rather than inspected partially.
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction Reject
# A body the parser could not handle is denied with 400; the parser's
# own error text is attached to the audit entry via logdata.
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
# Deny multipart bodies that fail strict parsing; each two-letter flag in
# the message names the validation that failed.
# NOTE(review): 44 is not a valid HTTP status code (here and in rule
# 200003); newer upstream recommended configs use status:400 — confirm
# the client response that is actually intended.
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

# Deny when a multipart body contains something that looks like a boundary
# the parser could not match — a sign of a malformed or crafted body that
# the application's own parser might interpret differently.
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"

# Cap PCRE backtracking so a pathological request cannot pin a worker on a
# regex; exceeding a limit raises a TX:MSC_* flag, which rule 200004 below
# turns into a deny.
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000

# Deny (no status given, so the default 403) whenever the engine has raised
# an internal MSC_* flag, including the PCRE limits above. Logging is not
# set explicitly here and follows SecDefaultAction.
SecRule TX:/^MSC_/ "!@streq 0" \
"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"

# Outbound inspection is disabled, so response-body (data-leakage) rules
# never fire; the three directives that follow only take effect once this
# is switched On.
SecResponseBodyAccess Off
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
# Debug logging off (0). Higher levels write full transaction data to
# SecDebugLog; raise only while troubleshooting.
SecDebugLogLevel 0
# Audit only "relevant" transactions: ones where a logging rule matched, or
# whose status is 5xx or 4xx other than 404.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
# Part I records the request body, so the audit log can contain submitted
# credentials and personal data; keep SecAuditLog readable by the service
# account only.
SecAuditLogParts ABIJDEFHZ
# All audit entries go to the single SecAuditLog file.
SecAuditLogType Serial
SecArgumentSeparator &
# 0 = Netscape (version 0) cookie parsing.
SecCookieFormat 0
# Log and working directories follow the distribution layout. The
# directories themselves (and their permissions) are not created here.
<%- if scope.lookupvar('::osfamily') == 'Debian' -%>
SecDebugLog /var/log/apache2/modsec_debug.log
SecAuditLog /var/log/apache2/modsec_audit.log
SecTmpDir /var/cache/modsecurity
SecDataDir /var/cache/modsecurity
SecUploadDir /var/cache/modsecurity
<% else -%>
SecDebugLog /var/log/httpd/modsec_debug.log
SecAuditLog /var/log/httpd/modsec_audit.log
SecTmpDir /var/lib/mod_security
SecDataDir /var/lib/mod_security
SecUploadDir /var/lib/mod_security
<% end -%>
# Uploaded files are not retained after the transaction completes.
SecUploadKeepFiles Off
</IfModule>