mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 21:36:00 +03:00
41 lines
1.0 KiB
Plaintext
41 lines
1.0 KiB
Plaintext
|
|
# Basic configuration options
|
|
SecRuleEngine On
|
|
SecRequestBodyAccess On
|
|
SecResponseBodyAccess Off
|
|
|
|
# Handling of file uploads
|
|
# TODO Choose a folder private to Apache.
|
|
# SecUploadDir /opt/apache-frontend/tmp/
|
|
SecUploadKeepFiles Off
|
|
|
|
# Debug log
|
|
SecDebugLog logs/modsec_debug.log
|
|
SecDebugLogLevel 0
|
|
|
|
# Serial audit log
|
|
SecAuditEngine RelevantOnly
|
|
SecAuditLogRelevantStatus ^5
|
|
SecAuditLogParts ABIFHZ
|
|
SecAuditLogType Serial
|
|
SecAuditLog logs/modsec_audit.log
|
|
|
|
# Maximum request body size we will
|
|
# accept for buffering
|
|
SecRequestBodyLimit 131072
|
|
|
|
# Store up to 128 KB in memory
|
|
SecRequestBodyInMemoryLimit 131072
|
|
|
|
# Buffer response bodies of up to
|
|
# 512 KB in length
|
|
SecResponseBodyLimit 524288
|
|
|
|
# Verify that we've correctly processed the request body.
|
|
# As a rule of thumb, when failing to process a request body
|
|
# you should reject the request (when deployed in blocking mode)
|
|
# or log a high-severity alert (when deployed in detection-only mode).
|
|
SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
|
|
"phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
|
|
|