mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-15 23:55:03 +03:00
Small fixes.
parent f9999c440c
commit 6ebecdb3e5
@ -3,7 +3,7 @@
|
|||||||
<title>ModSecurity Reference Manual</title>
|
<title>ModSecurity Reference Manual</title>
|
||||||
|
|
||||||
<articleinfo>
|
<articleinfo>
|
||||||
<releaseinfo>Version 2.1.0-rc7 / (February 5, 2007)</releaseinfo>
|
<releaseinfo>Version 2.1.0 / (February 23, 2007)</releaseinfo>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2004-2007</year>
|
<year>2004-2007</year>
|
||||||
@ -176,7 +176,7 @@
|
|||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>ModSecurity, mod_security, and ModSecurity Pro are trademarks or
|
<para>ModSecurity, mod_security, and ModSecurity Pro are trademarks or
|
||||||
registered trademarks of Breach Security.</para>
|
registered trademarks of Breach Security, Inc.</para>
|
||||||
</note>
|
</note>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
@ -394,30 +394,32 @@
|
|||||||
|
|
||||||
<para>The following section outlines all of the ModSecurity directives.
|
<para>The following section outlines all of the ModSecurity directives.
|
||||||
Most of the ModSecurity directives can be used inside the various Apache
|
Most of the ModSecurity directives can be used inside the various Apache
|
||||||
Scope Directives such as Virtual Hosts, Location, LocationMatch,
|
Scope Directives such as <literal>VirtualHost</literal>,
|
||||||
Directory, etc... There are others, however, that can only be used once in
|
<literal>Location</literal>, <literal>LocationMatch</literal>,
|
||||||
the main configuration file. This information is specified in the Scope
|
<literal>Directory</literal>, etc... There are others, however, that can
|
||||||
sections below.</para>
|
only be used once in the main configuration file. This information is
|
||||||
|
specified in the Scope sections below.</para>
|
||||||
|
|
||||||
<para>These rules, along with the Core rules files, should be contained is
|
<para>These rules, along with the Core rules files, should be contained is
|
||||||
files outside of the httpd.conf file and called up with Apache "Include"
|
files outside of the httpd.conf file and called up with Apache "Include"
|
||||||
directives. This allows for easier updating/migration of the rules. If you
|
directives. This allows for easier updating/migration of the rules. If you
|
||||||
create your own custom rules that you would like to use with the Core
|
create your own custom rules that you would like to use with the Core
|
||||||
rules, you should create a file called -
|
rules, you should create a file called -
|
||||||
modsecurity_crs_15_customrules.conf and place it in the same directory as
|
<filename>modsecurity_crs_15_customrules.conf</filename> and place it in
|
||||||
the Core rules files. By using this file name, your custom rules will be
|
the same directory as the Core rules files. By using this file name, your
|
||||||
called up after the standard ModSecurity Core rules configuration file but
|
custom rules will be called up after the standard ModSecurity Core rules
|
||||||
before the other Core rules. This allows your rules to be evaluate first
|
configuration file but before the other Core rules. This allows your rules
|
||||||
which can be useful if you need to implement specific "allow" rules or to
|
to be evaluate first which can be useful if you need to implement specific
|
||||||
correct any false positives in the Core rules as they are applied to your
|
"allow" rules or to correct any false positives in the Core rules as they
|
||||||
site.</para>
|
are applied to your site.</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Note</emphasis></para>
|
<para><emphasis role="bold">Note</emphasis></para>
|
||||||
|
|
||||||
<para>It is highly encouraged that you do not edit the Core rules files
|
<para>It is highly encouraged that you do not edit the Core rules files
|
||||||
themselves but rather place all changes (such as SecRuleRemoveByID,
|
themselves but rather place all changes (such as
|
||||||
etc...) in your custom rules file. This will allow for easier upgrading as
|
<literal>SecRuleRemoveByID</literal>, etc...) in your custom rules file.
|
||||||
newer Core rules are released by Breach on the ModSecurity website.</para>
|
This will allow for easier upgrading as newer Core rules are released by
|
||||||
|
Breach Security on the ModSecurity website.</para>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title><literal>SecAction</literal></title>
|
<title><literal>SecAction</literal></title>
|
||||||
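Review bot: The rewrapped custom-rules paragraph still carries two typos that could be fixed while these lines are being touched: "should be contained is files" should read "in files", and "to be evaluate first" should read "to be evaluated first". The "etc..." after <literal>Directory</literal> and after <literal>SecRuleRemoveByID</literal> could also be reduced to "etc." in the same pass.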
@ -507,7 +509,7 @@
|
|||||||
SecAuditLogParts ABCFHZ
|
SecAuditLogParts ABCFHZ
|
||||||
SecAuditLogType concurrent
|
SecAuditLogType concurrent
|
||||||
SecAuditLogStorageDir logs/audit
|
SecAuditLogStorageDir logs/audit
|
||||||
<emphasis role="bold">SecAuditLogRelevantStatus "^(4|5)"</emphasis></programlisting>
|
<emphasis role="bold">SecAuditLogRelevantStatus ^[45]</emphasis></programlisting>
|
||||||
|
|
||||||
<para>Possible values are:</para>
|
<para>Possible values are:</para>
|
||||||
|
|
||||||
@ -584,12 +586,12 @@ SecAuditLogStorageDir logs/audit
|
|||||||
</emphasis>Any</para>
|
</emphasis>Any</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Dependencies/Notes: </emphasis>At this time
|
<para><emphasis role="bold">Dependencies/Notes: </emphasis>At this time
|
||||||
ModSecurity does not log response bodies of stock Apache responses
|
ModSecurity does not log response bodies of stock Apache responses (e.g.
|
||||||
(e.g.<literal moreinfo="none">404</literal>), or the<literal
|
<literal moreinfo="none">404</literal>), or the <literal
|
||||||
moreinfo="none"> Server</literal> and<literal moreinfo="none"> Date
|
moreinfo="none">Server</literal> and <literal
|
||||||
</literal>response headers.</para>
|
moreinfo="none">Date</literal> response headers.</para>
|
||||||
|
|
||||||
<para>Default<literal moreinfo="none">ABCFHZ</literal>.</para>
|
<para>Default:<literal moreinfo="none"> ABCFHZ</literal>.</para>
|
||||||
|
|
||||||
<para>Available audit log parts:</para>
|
<para>Available audit log parts:</para>
|
||||||
|
|
||||||
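Review bot: The new Default line puts the separating space inside the literal ("Default:<literal moreinfo="none"> ABCFHZ</literal>"), which is the same leading-space-in-literal pattern this hunk removes for Server and Date just above it. Suggest "Default: <literal moreinfo="none">ABCFHZ</literal>" so the rendered value carries no leading space when copied into a configuration file.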
@ -637,7 +639,8 @@ SecAuditLogStorageDir logs/audit
|
|||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><literal moreinfo="none">H</literal>- audit log trailer</para>
|
<para><literal moreinfo="none">H</literal> - audit log
|
||||||
|
trailer</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -676,7 +679,7 @@ SecAuditLogStorageDir logs/audit
|
|||||||
moreinfo="none">SecAuditLogRelevantStatus REGEX</literal></para>
|
moreinfo="none">SecAuditLogRelevantStatus REGEX</literal></para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Example Usage:</emphasis> <literal
|
<para><emphasis role="bold">Example Usage:</emphasis> <literal
|
||||||
moreinfo="none">SecAuditLogRelevantStatus ^(4|5)</literal></para>
|
moreinfo="none">SecAuditLogRelevantStatus ^[45]</literal></para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Processing Phase: </emphasis>N/A</para>
|
<para><emphasis role="bold">Processing Phase: </emphasis>N/A</para>
|
||||||
|
|
||||||
@ -732,10 +735,10 @@ SecAuditLogStorageDir logs/audit
|
|||||||
of audit logging mechanism to be used.</para>
|
of audit logging mechanism to be used.</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Syntax:</emphasis> <literal
|
<para><emphasis role="bold">Syntax:</emphasis> <literal
|
||||||
moreinfo="none">SecAuditLogType serial|concurrent</literal></para>
|
moreinfo="none">SecAuditLogType Serial|Concurrent</literal></para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Example Usage:</emphasis> <literal
|
<para><emphasis role="bold">Example Usage:</emphasis> <literal
|
||||||
moreinfo="none">SecAuditLogType serial</literal></para>
|
moreinfo="none">SecAuditLogType Serial</literal></para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
|
<para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
|
||||||
|
|
||||||
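Review bot: The syntax and example lines now capitalise the values (Serial|Concurrent), but the SecAuditLogRelevantStatus listing earlier in this patch (the hunk at line 507) still shows "SecAuditLogType concurrent" in lower case as unchanged context. Either update that listing as well, or add a sentence here stating whether the value is matched case-insensitively, so readers do not have to guess which spelling is accepted.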
@ -965,8 +968,7 @@ SecAuditLogStorageDir logs/audit
|
|||||||
|
|
||||||
<para>The default value is:</para>
|
<para>The default value is:</para>
|
||||||
|
|
||||||
<programlisting format="linespecific">SecDefaultAction \
|
<programlisting format="linespecific">SecDefaultAction log,auditlog,deny,status:403,phase:2,t:none</programlisting>
|
||||||
log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace</programlisting>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Note</emphasis></para>
|
<para><emphasis role="bold">Note</emphasis></para>
|
||||||
|
|
||||||
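Review bot: The documented SecDefaultAction default changes from "t:lowercase,t:replaceNulls,t:compressWhitespace" to "t:none", which is a change in stated behaviour rather than a small fix. Rules written against the old text assume input is lowercased, null-stripped and whitespace-compressed before matching, and a pattern that depended on that would stop matching mixed-case or null-padded input under t:none. Please confirm the new line matches what the 2.1.0 code does, mention the change in the Note that follows, and advise rule authors to list the transformations they need explicitly in each rule.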
@ -1864,7 +1866,7 @@ SecRule HTTP_Host "!^$" "deny,<emphasis role="bold">phase:1</emphasis>"</program
|
|||||||
prevent buffer overflow issues). Example: Block request if the size of
|
prevent buffer overflow issues). Example: Block request if the size of
|
||||||
the arguments is above 25 characters.</para>
|
the arguments is above 25 characters.</para>
|
||||||
|
|
||||||
<programlisting format="linespecific">SecRule REQUEST_FILENAME "^/cgi-bin/login\.php$" "chain,log,deny,status:403,phase:2"
|
<programlisting format="linespecific">SecRule REQUEST_FILENAME "^/cgi-bin/login\.php$" "chain,log,deny,phase:2"
|
||||||
SecRule<emphasis role="bold"> ARGS_COMBINED_SIZE </emphasis>"@gt 25"</programlisting>
|
SecRule<emphasis role="bold"> ARGS_COMBINED_SIZE </emphasis>"@gt 25"</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
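Review bot: With status:403 dropped from the chain starter, the ARGS_COMBINED_SIZE example now takes its response status from the inherited SecDefaultAction (403 in the documented default), so a site that overrides SecDefaultAction will see a different status than a reader expects from this listing. Either keep status:403 so the example is self-contained, or add a sentence saying the status is inherited.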
@ -1957,7 +1959,7 @@ SecRule <emphasis role="bold">ENV:tag</emphasis> "suspicious"</programlisting>
|
|||||||
moreinfo="none">@inspectFile. </literal>Note: only available if files
|
moreinfo="none">@inspectFile. </literal>Note: only available if files
|
||||||
were extracted from the request body. Example:</para>
|
were extracted from the request body. Example:</para>
|
||||||
|
|
||||||
<programlisting format="linespecific">SecRule <emphasis role="bold">FILES_TMPNAMES</emphasis> "@inspectFile /usr/local/apache/tests/inspect_script.pl"</programlisting>
|
<programlisting format="linespecific">SecRule <emphasis role="bold">FILES_TMPNAMES</emphasis> "@inspectFile /path/to/inspect_script.pl"</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
@ -2309,7 +2311,7 @@ SecRule XML "@validateDTD /opt/apache-frontend/conf/xml.dtd"</programlisting>
|
|||||||
action. Only available for expansion in action strings (e.g.<literal
|
action. Only available for expansion in action strings (e.g.<literal
|
||||||
moreinfo="none">setvar:tx.varname=%{rule.id}</literal>). Example:</para>
|
moreinfo="none">setvar:tx.varname=%{rule.id}</literal>). Example:</para>
|
||||||
|
|
||||||
<programlisting format="linespecific">SecRule &REQUEST_HEADERS:Host "@eq 0" "phase:2,deny,id:1,setvar:tx.varname=<emphasis
|
<programlisting format="linespecific">SecRule &REQUEST_HEADERS:Host "@eq 0" "log,deny,setvar:tx.varname=<emphasis
|
||||||
role="bold">%{rule.id}</emphasis>"</programlisting>
|
role="bold">%{rule.id}</emphasis>"</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
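Review bot: The example for %{rule.id} no longer sets an id action (the old line had "phase:2,deny,id:1", the new one is "log,deny,setvar:tx.varname=%{rule.id}"), so the listing does not show what value the macro expands to. Suggest keeping id:1 in the action list, or adding a sentence that says what rule.id holds when the rule carries no id.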
@ -2562,7 +2564,7 @@ SecAction setsid:%{REQUEST_COOKIES.PHPSESSID}</programlisting>
|
|||||||
this this request and then it will decided whether or not to allow/deny
|
this this request and then it will decided whether or not to allow/deny
|
||||||
the request through.</para>
|
the request through.</para>
|
||||||
|
|
||||||
<programlisting format="linespecific">SecRule WEBSERVER_ERROR_LOG "File does not exist" "phase:5,pass,<emphasis
|
<programlisting format="linespecific">SecRule WEBSERVER_ERROR_LOG "does not exist" "phase:5,pass,<emphasis
|
||||||
role="bold">setvar:tx.score=+5</emphasis>"
|
role="bold">setvar:tx.score=+5</emphasis>"
|
||||||
SecRule<emphasis role="bold"> TX:SCORE</emphasis> "@gt 20" deny,log</programlisting>
|
SecRule<emphasis role="bold"> TX:SCORE</emphasis> "@gt 20" deny,log</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
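Review bot: Shortening the pattern from "File does not exist" to "does not exist" widens the match to any error-log message containing that phrase, so tx.score rises by 5 on messages other than missing-file errors and the "@gt 20" deny threshold is reached sooner. If that is intended, the paragraph above should say so; otherwise keep the fuller string. The context lines also still read "this this request and then it will decided", which should be "this request and then it will decide".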