From 3bc3b925d9dbd05552d21b7465731d3b823eb515 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 23 Jun 2009 14:00:21 -0400 Subject: Add more mod_security bits --- config/apache_mod_security/apache_mod_security.inc | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc index 4d0402be..cf39e467 100644 --- a/config/apache_mod_security/apache_mod_security.inc +++ b/config/apache_mod_security/apache_mod_security.inc @@ -169,17 +169,37 @@ EOF; # Turn the filtering engine On or Off SecFilterEngine On + # XXX Add knobs for these + SecRuleEngine On + SecRequestBodyAccess On + SecResponseBodyAccess On + + # XXX Add knobs for these + SecRequestBodyInMemoryLimit 131072 + SecRequestBodyLimit 10485760 + + SecResponseBodyMimeTypesClear + SecResponseBodyMimeType (null) text/plain text/html text/css text/xml + + # XXX Add knobs for these + SecUploadDir /var/spool/apache/private + SecUploadKeepFiles Off + + # XXX Add knobs for these # The audit engine works independently and # can be turned On of Off on the per-server or # on the per-directory basis SecAuditEngine RelevantOnly + # XXX Add knobs for these # Make sure that URL encoding is valid SecFilterCheckURLEncoding On + # XXX Add knobs for these # Unicode encoding check SecFilterCheckUnicodeEncoding On + # XXX Add knobs for these # Only allow bytes from this range SecFilterForceByteRange 1 255 -- cgit v1.2.3