github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-16 08:27:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added an example on how to use concurrent logging and a ctl example using ruleRemoveTargetById

jamuse
2012-10-23 17:39:31 -07:00
parent c884d73ee9
commit cc0698f7fd
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Reference-Manual.mediawiki

@@ -2711,6 +2711,8 @@ Special rules control the usage of actions in chained rules:
<pre> <pre>
# Parse requests with Content-Type "text/xml" as XML # Parse requests with Content-Type "text/xml" as XML
SecRule REQUEST_CONTENT_TYPE ^text/xml "nolog,pass,id:106,ctl:requestBodyProcessor=XML" SecRule REQUEST_CONTENT_TYPE ^text/xml "nolog,pass,id:106,ctl:requestBodyProcessor=XML"
SecRule REQUEST_URI "@beginsWith /index.php" "phase:1,t:none,pass, \
nolog,ctl:ruleRemoveTargetById=981260;ARGS:user
</pre> </pre>
The following configuration options are supported: The following configuration options are supported:
@@ -3915,7 +3917,7 @@ SecRequestBodyNoFilesLimit 131072
# #
SecRequestBodyInMemoryLimit 131072 SecRequestBodyInMemoryLimit 131072
# What do do if the request body size is above our configured limit. # What to do if the request body size is above our configured limit.
# Keep in mind that this setting will automatically be set to ProcessPartial # Keep in mind that this setting will automatically be set to ProcessPartial
# when SecRuleEngine is set to DetectionOnly mode in order to minimize # when SecRuleEngine is set to DetectionOnly mode in order to minimize
# disruptions when initially deploying ModSecurity. # disruptions when initially deploying ModSecurity.
@@ -4058,11 +4060,15 @@ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ SecAuditLogParts ABIJDEFHZ
# Use a single file for logging. This is much easier to look at, but # Use a single file for logging. This is much easier to look at, but
# assumes that you will use the audit log only ocassionally. # assumes that you will use the audit log only occasionally.
# #
SecAuditLogType Serial SecAuditLogType Serial
SecAuditLog /var/log/modsec_audit.log SecAuditLog /var/log/modsec_audit.log
# Use concurrent logging
#SecAuditLogType Concurrent
#SecAuditLog "|/opt/modsecurity/bin/mlogc /opt/modsecurity/etc/mlogc.conf"
# Specify the path for concurrent audit logging. # Specify the path for concurrent audit logging.
#SecAuditLogStorageDir /opt/modsecurity/var/audit/ #SecAuditLogStorageDir /opt/modsecurity/var/audit/
@@ -4105,4 +4111,3 @@ While we will continue to enhance ModSecurity to deal with various evasion techn
#When "magic_quotes_gpc" is set to "On" PHP will use backslash to escape the following characters: single quote, double quote, backslash, and the nul byte. #When "magic_quotes_gpc" is set to "On" PHP will use backslash to escape the following characters: single quote, double quote, backslash, and the nul byte.
#If "magic_quotes_sybase" is set to "On" only the single quote will be escaped using another single quote. In this case the "magic_quotes_gpc" setting becomes irrelevant. The "magic_quotes_sybase" setting completely overrides the "magic_quotes_gpc" behaviour but "magic_quotes_gpc" still must be set to "On" for the Sybase-specific quoting to be work. #If "magic_quotes_sybase" is set to "On" only the single quote will be escaped using another single quote. In this case the "magic_quotes_gpc" setting becomes irrelevant. The "magic_quotes_sybase" setting completely overrides the "magic_quotes_gpc" behaviour but "magic_quotes_gpc" still must be set to "On" for the Sybase-specific quoting to be work.
#PHP will also automatically create nested arrays for you. For example "p[x][y]=1" results in a total of three variables. #PHP will also automatically create nested arrays for you. For example "p[x][y]=1" results in a total of three variables.