-rw-r--r-- | config/apache_mod_security/apache_mod_security.inc | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc index 0fbe84c2..c91a063c 100644 --- a/config/apache_mod_security/apache_mod_security.inc +++ b/config/apache_mod_security/apache_mod_security.inc @@ -524,10 +524,40 @@ SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> -Include etc/apache22/Includes/*.conf +<IfModule mod_security.c> + # Turn the filtering engine On or Off + SecFilterEngine On + + # Make sure that URL encoding is valid + SecFilterCheckURLEncoding On + + # Unicode encoding check + SecFilterCheckUnicodeEncoding Off + + # Only allow bytes from this range + SecFilterForceByteRange 0 255 + + # Only log suspicious requests + SecAuditEngine RelevantOnly + + # The name of the audit log file + SecAuditLog logs/audit_log + # Debug level set to a minimum + SecFilterDebugLog logs/modsec_debug_log + SecFilterDebugLevel 0 + + # Should mod_security inspect POST payloads + SecFilterScanPOST On + + # By default log and deny suspicious requests + # with HTTP status 500 + SecFilterDefaultAction "deny,log,status:500" +</IfModule> {$mod_proxy} +Include etc/apache22/Includes/*.conf + EOF; $fd = fopen("/usr/local/etc/apache22/httpd.conf", "w"); |
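Review bot: `SecFilterForceByteRange 0 255` in the added `<IfModule mod_security.c>` block spans every possible byte value, so the check restricts nothing and NUL bytes in request data are accepted, even though its comment reads "Only allow bytes from this range". Narrowing it, for example to `SecFilterForceByteRange 1 255`, would at least reject NUL bytes; a tighter range is possible if the served applications are ASCII-only. Separately, `SecFilterDefaultAction "deny,log,status:500"` makes blocked requests look like genuine server failures in monitoring, and `status:403` would keep the two distinguishable. The heredoc that holds this httpd.conf text starts outside the hunk, so how `{$mod_proxy}` and the other interpolated values are built is not visible here.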