authorScott Ullrich <sullrich@mpb-geekgod.geekgod.com>2009-06-19 00:31:34 -0400
committerScott Ullrich <sullrich@mpb-geekgod.geekgod.com>2009-06-19 00:31:34 -0400
commitee394d036195985bb5d86d85af4b44e8ed877347 (patch)
tree903606b76f5aa1b5e387f0c90a10d3b31b63a496 /config/apache_mod_security
parent1f528a192e4725c1d0a4970f85da90d18e69bbf7 (diff)
Add common mod_security parms
Diffstat (limited to 'config/apache_mod_security')
-rw-r--r--config/apache_mod_security/apache_mod_security.inc32
1 files changed, 31 insertions, 1 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index 0fbe84c2..c91a063c 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -524,10 +524,40 @@ SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
-Include etc/apache22/Includes/*.conf
+<IfModule mod_security.c>
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Unicode encoding check
+ SecFilterCheckUnicodeEncoding Off
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 0 255
+
+ # Only log suspicious requests
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+ # Debug level set to a minimum
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # By default log and deny suspicious requests
+ # with HTTP status 500
+ SecFilterDefaultAction "deny,log,status:500"
+</IfModule>
{$mod_proxy}
+Include etc/apache22/Includes/*.conf
+
EOF;
$fd = fopen("/usr/local/etc/apache22/httpd.conf", "w");
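Review bot: `SecFilterForceByteRange 0 255` admits every byte value, so the check commented "Only allow bytes from this range" restricts nothing and NUL bytes are not rejected by it; `SecFilterForceByteRange 1 255` (or `32 126` where only ASCII is expected) would make it effective. No `SecFilter` rules appear in this block, so unless the later `Include etc/apache22/Includes/*.conf` supplies them, the `deny,log,status:500` default action can only fire on the URL-encoding check. Because the block is wrapped in `<IfModule mod_security.c>`, it is skipped without any error if the module is not loaded or is registered under a different name, which would presumably leave requests unfiltered; this is worth confirming against the LoadModule line elsewhere in the file. The heredoc that holds this configuration starts outside the hunk.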