1 <IfModule mod_security2.c>
2 # ModSecurity Core Rules Set configuration
# The wildcard includes below pull in every .conf file in the ModSecurity
# directory and in its activated_rules/ subdirectory. The IncludeOptional
# form is selected when the Apache version compares >= 2.4; it does not fail
# when a wildcard matches no files, so an empty activated_rules/ directory
# starts cleanly with no rules loaded.
# NOTE(review): verify after deployment that the expected rule files are
# actually present, since a missing rule set produces no startup error here.
# NOTE(review): the plain Include lines are presumably the pre-2.4 branch of
# the same conditional; the branch markers are not visible in this listing.
3 <%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%>
4 IncludeOptional <%= @modsec_dir %>/*.conf
5 IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf
7 Include <%= @modsec_dir %>/*.conf
8 Include <%= @modsec_dir %>/activated_rules/*.conf
11 # Default recommended configuration
# Buffer request bodies so that phase 2 rules can inspect them.
13 SecRequestBodyAccess On
# Rule 200000 (phase 1): when the lowercased Content-Type header matches
# "text/xml", select the XML request body processor. The rule passes silently
# (pass,nolog); it only changes how the body is parsed.
# NOTE(review): XML media types that do not contain "text/xml" (for example
# application/xml) are not routed to the XML processor by this pattern.
# Confirm that is intended for the applications behind this server.
14 SecRule REQUEST_HEADERS:Content-Type "text/xml" \
15 "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Size limits, in bytes: 13107200 (12.5 MiB) for any request body, 131072
# (128 KiB) for bodies excluding uploaded files, and 131072 (128 KiB) held in
# memory.
16 SecRequestBodyLimit 13107200
17 SecRequestBodyNoFilesLimit 131072
18 SecRequestBodyInMemoryLimit 131072
# Reject means an over-limit body is refused outright rather than forwarded
# after only its first part has been inspected.
19 SecRequestBodyLimitAction Reject
# Rule 200001 (phase 2): log and deny with HTTP 400 when REQBODY_ERROR is
# non-zero, i.e. the request body could not be parsed. A body the engine
# cannot parse cannot be inspected by later rules, so it is refused here.
# The parser's error message is recorded through logdata.
20 SecRule REQBODY_ERROR "!@eq 0" \
21 "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
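# Rule 200002 (phase 2): log and deny a multipart body that fails strict
# validation (MULTIPART_STRICT_ERROR is non-zero). The message records each
# individual multipart flag so the audit log shows which check tripped.
# The deny status is 400 (Bad Request), consistent with rule 200001.
22 SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
23 "id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body failed strict validation: \
24 PE %{REQBODY_PROCESSOR_ERROR}, \
25 BQ %{MULTIPART_BOUNDARY_QUOTED}, \
26 BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
27 DB %{MULTIPART_DATA_BEFORE}, \
28 DA %{MULTIPART_DATA_AFTER}, \
29 HF %{MULTIPART_HEADER_FOLDING}, \
30 LF %{MULTIPART_LF_LINE}, \
31 SM %{MULTIPART_MISSING_SEMICOLON}, \
32 IQ %{MULTIPART_INVALID_QUOTING}, \
33 IP %{MULTIPART_INVALID_PART}, \
34 IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
35 FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"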
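# Rule 200003 (phase 2): log and deny when the multipart parser reports a
# possible unmatched boundary (MULTIPART_UNMATCHED_BOUNDARY is non-zero).
# The deny status is 400 (Bad Request), consistent with rule 200001.
# NOTE(review): the message itself says "possible"; review audit log hits for
# false positives on legitimate uploads before relying on this rule.
37 SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
38 "id:'200003',phase:2,t:none,log,deny,status:400,msg:'Multipart parser detected a possible unmatched boundary.'"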
# Cap PCRE match steps and recursion depth at 1000 each, bounding the CPU a
# single regular-expression evaluation can consume.
# NOTE(review): these limits are low. When a limit is hit the engine is
# expected to raise an MSC_ flag in TX, and rule 200004 below then denies the
# request, so benign traffic can be blocked. Check the logs for such hits and
# tune the limits before enforcing.
40 SecPcreMatchLimit 1000
41 SecPcreMatchLimitRecursion 1000
# Rule 200004 (phase 2): deny when any TX variable whose name starts with
# MSC_ is not the string "0". The matched variable name goes into the
# message. No status is given on this rule, unlike rules 200001-200003.
43 SecRule TX:/^MSC_/ "!@streq 0" \
44 "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
# Response bodies are not buffered or inspected (Off), so rules that look at
# outbound content, such as data-leak or error-message detection, have no
# body to examine.
# NOTE(review): the MIME type list and the 524288-byte (512 KiB) limit below
# presumably only take effect if response body access is switched On. With
# ProcessPartial, anything beyond that limit would pass uninspected.
46 SecResponseBodyAccess Off
47 SecResponseBodyMimeType text/plain text/html text/xml
48 SecResponseBodyLimit 524288
49 SecResponseBodyLimitAction ProcessPartial
# Audit logging is limited to relevant transactions: those that triggered a
# rule, or whose response status matches the pattern below (any 5xx, and any
# 4xx except 404).
51 SecAuditEngine RelevantOnly
52 SecAuditLogRelevantStatus "^(?:5|4(?!04))"
# Part I records the request body (without uploaded file contents), so the
# audit log can hold credentials and other submitted form data. Restrict read
# access to the log file and cover it in retention and rotation policy.
53 SecAuditLogParts ABIJDEFHZ
# Serial writes all audit entries to a single file.
54 SecAuditLogType Serial
55 SecArgumentSeparator &
# Log, temporary and persistent-data locations, chosen by OS family: the
# /var/log/apache2 and /var/cache/modsecurity paths are used for Debian.
# NOTE(review): the /var/log/httpd and /var/lib/mod_security paths are
# presumably the other branch; its markers are not visible in this listing.
# SecTmpDir and SecDataDir share one directory in both sets. That directory
# has to be writable by the web server user. Keep it and the audit and debug
# logs unreadable to other local users, because they can hold request data.
57 <%- if scope.lookupvar('::osfamily') == 'Debian' -%>
58 SecDebugLog /var/log/apache2/modsec_debug.log
59 SecAuditLog /var/log/apache2/modsec_audit.log
60 SecTmpDir /var/cache/modsecurity
61 SecDataDir /var/cache/modsecurity
63 SecDebugLog /var/log/httpd/modsec_debug.log
64 SecAuditLog /var/log/httpd/modsec_audit.log
65 SecTmpDir /var/lib/mod_security
66 SecDataDir /var/lib/mod_security