From ee394d036195985bb5d86d85af4b44e8ed877347 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Fri, 19 Jun 2009 00:31:34 -0400 Subject: Add common mod_security parms --- config/apache_mod_security/apache_mod_security.inc | 32 +++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'config/apache_mod_security') diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc index 0fbe84c2..c91a063c 100644 --- a/config/apache_mod_security/apache_mod_security.inc +++ b/config/apache_mod_security/apache_mod_security.inc @@ -524,10 +524,40 @@ SSLRandomSeed startup builtin SSLRandomSeed connect builtin -Include etc/apache22/Includes/*.conf + + # Turn the filtering engine On or Off + SecFilterEngine On + + # Make sure that URL encoding is valid + SecFilterCheckURLEncoding On + + # Unicode encoding check + SecFilterCheckUnicodeEncoding Off + + # Only allow bytes from this range + SecFilterForceByteRange 0 255 + + # Only log suspicious requests + SecAuditEngine RelevantOnly + + # The name of the audit log file + SecAuditLog logs/audit_log + # Debug level set to a minimum + SecFilterDebugLog logs/modsec_debug_log + SecFilterDebugLevel 0 + + # Should mod_security inspect POST payloads + SecFilterScanPOST On + + # By default log and deny suspicious requests + # with HTTP status 500 + SecFilterDefaultAction "deny,log,status:500" + {$mod_proxy} +Include etc/apache22/Includes/*.conf + EOF; $fd = fopen("/usr/local/etc/apache22/httpd.conf", "w"); -- cgit v1.2.3
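Review bot: `SecFilterForceByteRange 0 255` accepts every byte value, NUL included, so the line under the comment "Only allow bytes from this range" filters nothing; as far as I recall 0-255 is also the ModSecurity 1.x default, which would make the directive a no-op. If the intent is to reject NUL bytes, which can hide payloads from pattern rules, the line should read `SecFilterForceByteRange 1 255`, or a tighter range where the proxied sites allow it. Separately, `status:500` in `SecFilterDefaultAction` makes a blocked request look like a backend failure in logs and monitoring; `"deny,log,status:403"` keeps the two apart. The heredoc these lines belong to opens outside the hunk.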