diff options
author | Scott Ullrich <sullrich@mpb-geekgod.geekgod.com> | 2009-06-19 00:31:34 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@mpb-geekgod.geekgod.com> | 2009-06-19 00:31:34 -0400 |
commit | ee394d036195985bb5d86d85af4b44e8ed877347 (patch) | |
tree | 903606b76f5aa1b5e387f0c90a10d3b31b63a496 | |
parent | 1f528a192e4725c1d0a4970f85da90d18e69bbf7 (diff) | |
download | pfsense-packages-ee394d036195985bb5d86d85af4b44e8ed877347.tar.gz pfsense-packages-ee394d036195985bb5d86d85af4b44e8ed877347.tar.bz2 pfsense-packages-ee394d036195985bb5d86d85af4b44e8ed877347.zip |
Add common mod_security parms
-rw-r--r-- | config/apache_mod_security/apache_mod_security.inc | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc index 0fbe84c2..c91a063c 100644 --- a/config/apache_mod_security/apache_mod_security.inc +++ b/config/apache_mod_security/apache_mod_security.inc @@ -524,10 +524,40 @@ SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> -Include etc/apache22/Includes/*.conf +<IfModule mod_security.c> + # Turn the filtering engine On or Off + SecFilterEngine On + + # Make sure that URL encoding is valid + SecFilterCheckURLEncoding On + + # Unicode encoding check + SecFilterCheckUnicodeEncoding Off + + # Only allow bytes from this range + SecFilterForceByteRange 0 255 + + # Only log suspicious requests + SecAuditEngine RelevantOnly + + # The name of the audit log file + SecAuditLog logs/audit_log + # Debug level set to a minimum + SecFilterDebugLog logs/modsec_debug_log + SecFilterDebugLevel 0 + + # Should mod_security inspect POST payloads + SecFilterScanPOST On + + # By default log and deny suspicious requests + # with HTTP status 500 + SecFilterDefaultAction "deny,log,status:500" +</IfModule> {$mod_proxy} +Include etc/apache22/Includes/*.conf + EOF; $fd = fopen("/usr/local/etc/apache22/httpd.conf", "w"); |