aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/apache_mod_security/apache_mod_security.inc32
1 files changed, 31 insertions, 1 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index 0fbe84c2..c91a063c 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -524,10 +524,40 @@ SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
-Include etc/apache22/Includes/*.conf
+<IfModule mod_security.c>
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Unicode encoding check
+ SecFilterCheckUnicodeEncoding Off
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 0 255
+
+ # Only log suspicious requests
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+ # Debug level set to a minimum
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # By default log and deny suspicious requests
+ # with HTTP status 500
+ SecFilterDefaultAction "deny,log,status:500"
+</IfModule>
{$mod_proxy}
+Include etc/apache22/Includes/*.conf
+
EOF;
$fd = fopen("/usr/local/etc/apache22/httpd.conf", "w");