Add initial CRS v2.0, reorganizing the rules a bit (MODSEC-79).

rules/modsecurity_crs_10_config.conf

@@ -1,12 +1,15 @@
 # ---------------------------------------------------------------
-# Core ModSecurity Rule Set ver.1.6.1
-# Copyright (C) 2006-2007 Breach Security Inc. All rights reserved.
+# Core ModSecurity Rule Set ver.2.0
+# Copyright (C) 2006-2009 Breach Security Inc. All rights reserved.
 #
 # The ModSecuirty Core Rule Set is distributed under GPL version 2
 # Please see the enclosed LICENCE file for full details.
 # ---------------------------------------------------------------
 
 
+# The directives within this file can be included within
+# Virtual Host containers.
+#
 # Configuration contained in this file should be customized
 # for your specific requirements before deployment.
 #
@@ -75,6 +78,9 @@ SecResponseBodyAccess On
 SecResponseBodyMimeType (null) text/html text/plain text/xml
 SecResponseBodyLimit 524288
 
+# The following directive will not block large response bodies, but rather will
+# only inspect data up to the size SecResponseBodyLimit setting.
+SecResponseBodyLimitAction ProcessPartial
 
 # Initiate XML Processor in case of xml content-type
 #
@@ -92,6 +98,14 @@ SecResponseBodyLimit 524288
 # This is a reasonable setting to start with because you do not
 # want to reject legitimate requests with an untuned rule set.
 #
+# The following line's settings will be inherited by rules that
+# either do not specify an action at all, or if they use the 
+# "block" action. This will also allow the rules to use 
+# Anomaly Scoring (must use the
+# modsecurity_crs_49_anomaly_scoring.conf file).
+#
+SecDefaultAction "phase:2,pass"
+
 # If, after monitoring the performance of the rule set after a
 # sufficient period, you determine the rules never (or rarely
 # trigger on legitimate requests) you can change to something
@@ -100,21 +114,7 @@ SecResponseBodyLimit 524288
 # to only configure some rules to reject requests, leaving most
 # of them to work in detection mode.
 #
-#SecDefaultAction "phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"
-
-# Set web server identification string
-#
-# TODO In case you use Apache, you may want specify a simple server signature
-#      instead of the detailed Apache default signature that list most modules
-#      used on the specific Apache deployment:
-#      "Apache/2.2.0 (Fedora)"   
-#      For this directive to work, you need to set Apache ServerTokens
-#      to Full (this is the default option)
-SecServerSignature "Apache/2.2.0 (Fedora)"
-
-# Add ruleset identity to the logs
-#
-SecComponentSignature "core ruleset/1.6.1"
+#SecDefaultAction "phase:2,deny"
 
 ## -- File uploads configuration -----------------------------------------------
 # Temporary file storage path.
@@ -243,19 +243,6 @@ SecAuditLogParts "ABIFHKZ"
 # modifications unless 
 
  
-# Parameters separator
-#
-# Specifies which character to use as separator for 
-# application/x-www-form-urlencoded content. 
-# Defaults to "&". Applications are sometimes (very rarely) written to use 
-# a semicolon (";").
-#
-# NOTE Changing the value for this directive has significant influence on how
-#      ModSecurity works. Make the change only if you are absolutely sure it
-#      is required.
-SecArgumentSeparator "&" 
-
-
 # Selects the cookie format that will be used in the current configuration 
 # context. 
 #
@@ -285,16 +272,5 @@ SecRequestBodyInMemoryLimit 131072
 SecDebugLog             logs/modsec_debug.log
 SecDebugLogLevel        3
 
-# Path where persistent data (e.g. IP address data, session data, etc) is to
-# be stored. Must be writable by the web server user.
-#
-# TODO It is advisable to create a directory structure for ModSecurity such as
-#      /var/log/msa and create sub directories for SecDataDir, SecTmpDir,
-#      SecUploadDir, SecAuditLog and SecAuditLogStorageDir
-#      underneath it and set the permission for read and write only by the
-#      Apache user.
-
-SecDataDir /tmp
-
 # Configures the directory where temporary files will be created.
 SecTmpDir /tmp