This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Modsecurity crs 10 config.conf"

(Created page with '# The directives within this file can be included within # Virtual Host containers. # # Configuration contained in this file should be customized # for your specific requirements…')
 
Line 1: Line 1:
# The directives within this file can be included within
+
The data within this conf file may be specified within Apache virtual host containers. The following ModSecurity directives are set within this file -
# Virtual Host containers.
+
 
#
+
SecRuleEngine
# Configuration contained in this file should be customized
+
SecRequestBodyAccess
# for your specific requirements before deployment.
+
SecResponseBodyAccess
#
+
SecResponseBodyMimeType
# Next to each rule there is a description of what it does. Each
+
SecResponseBodyLimit
# location where customization is needed is marked with "TODO". It
+
SecResponseBodyLimitAction
# is recommended that you:
+
SecDefaultAction
#
+
SecUploadDir
# 1) Keep a copy of the original file. This will allow you to use
+
SecUploadKeepFiles
#    the "diff" command to quickly see the changes. It will also
+
SecAuditEngine
#    make upgrades to future rule sets easier.
+
SecAuditLogRelevantStatus
#
+
  SecAuditLogType
# 2) Document your changes thoroughly.
+
SecAuditLog
#
+
SecAuditLogParts
# You are advised to start with ModSecurity in detection mode only.
+
SecCookieFormat
# Switch to protection when you are comfortable with your rule set.
+
  SecRequestBodyInMemoryLimit
# For maximum protection monitor your logs on daily basis (or
+
SecDebugLog
# better).
+
SecDebugLogLevel
#
+
SecTmpDir
 +
 
 +
See the [[http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html | ModSecurity Reference Manual]] for directive documentation.
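Review bot: The added text drops the deployment guidance that the removed header comment carried (keep a copy of the original file, document your changes, start in detection mode only and switch to protection once comfortable with the rule set, monitor the logs daily) and leaves only a bare list of directive names. Suggest keeping that advice as a short paragraph above the list, since the detection-first recommendation bears directly on SecRuleEngine, the first directive listed. In the last added line, the link is written with double brackets and a pipe, "[[http://... | ModSecurity Reference Manual]]", which is internal-link syntax; an external link takes single brackets with a space between the URL and the label.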

Revision as of 16:09, 6 August 2009

The directives in this conf file may be specified within Apache virtual host containers. The following ModSecurity directives are set within this file:

SecRuleEngine
SecRequestBodyAccess
SecResponseBodyAccess
SecResponseBodyMimeType
SecResponseBodyLimit
SecResponseBodyLimitAction
SecDefaultAction
SecUploadDir
SecUploadKeepFiles
SecAuditEngine
SecAuditLogRelevantStatus
SecAuditLogType
SecAuditLog
SecAuditLogParts
SecCookieFormat
SecRequestBodyInMemoryLimit
SecDebugLog
SecDebugLogLevel
SecTmpDir

See the ModSecurity Reference Manual (http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html) for directive documentation.