mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 21:36:00 +03:00
70 lines
2.4 KiB
Plaintext
70 lines
2.4 KiB
Plaintext
# ---------------------------------------------------------------
|
|
# Core ModSecurity Rule Set ver.1.6.1
|
|
# Copyright (C) 2006-2007 Breach Security Inc. All rights reserved.
|
|
#
|
|
# The ModSecuirty Core Rule Set is distributed under GPL version 2
|
|
# Please see the enclosed LICENCE file for full details.
|
|
# ---------------------------------------------------------------
|
|
|
|
|
|
|
|
# In most cases, you should expect a certain volume of each a request on your
|
|
# website. For example, a request with 400 arguments, can be suspicious.
|
|
# This file creates limitations on the request.
|
|
# TODO Look at the rules in this file, and define the sizes you'd like to enforce.
|
|
# Note that most of the rules are commented out by default.
|
|
# Uncomment the rules you need
|
|
#
|
|
|
|
## -- Arguments limits --
|
|
|
|
# Limit argument name length
|
|
#SecRule ARGS_NAMES "^.{100}" "phase:2,t:none,deny,log,auditlog,status:403,msg:'Argument name too long',id:'960209',severity:'4'"
|
|
|
|
# Limit value name length
|
|
#SecRule ARGS "^.{400}" "phase:2,t:none,deny,log,auditlog,status:403,msg:'Argument value too long',id:'960208',severity:'4'"
|
|
|
|
# Maximum number of arguments in request limited
|
|
SecRule &ARGS "@gt 255" "phase:2,t:none,deny,log,auditlog,status:403,msg:'Too many arguments in request',id:'960335',severity:'4'"
|
|
|
|
# Limit arguments total length
|
|
#SecRule ARGS_COMBINED_SIZE "@gt 64000" "phase:2,t:none,deny,log,auditlog,status:403,msg:'Total arguments size exceeded',id:'960341',severity:'4'"
|
|
|
|
|
|
## -- File upload limits --
|
|
|
|
# Individual file size is limited
|
|
#SecRule FILES_SIZES "@gt 1048576" "phase:2,t:none,deny,log,auditlog,status:403,msg:'Uploaded file size too large',id:'960342',severity:'4'"
|
|
|
|
# Combined file size is limited
|
|
#SecRule FILES_COMBINED_SIZE "@gt 1048576" "phase:2,t:none,deny,log,auditlog,status:403,msg:'Total uploaded files size too large',id:'960343',severity:'4'"
|
|
|
|
|
|
|
|
## -- Apache Limits --
|
|
|
|
# These are Apache limit directives, but we are including them here because
|
|
# they are often forgotten. If you already have these configured leave this
|
|
# section entirely commented-out. Otherwise review the limits and uncomment
|
|
# the directives.
|
|
|
|
# Maximum size of the request body.
|
|
#
|
|
# NOTE If your application allows file uploads the value below will
|
|
# most likely be way to low.
|
|
#
|
|
#LimitRequestBody 64000
|
|
|
|
# Maximum number of request headers in a request.
|
|
#
|
|
#LimitRequestFields 32
|
|
|
|
# Maximum size of request header lines.
|
|
#
|
|
#LimitRequestFieldSize 8000
|
|
|
|
# Maximum size of the request line.
|
|
#
|
|
#LimitRequestLine 4000
|
|
|