Difference between revisions of "Modsecurity crs 10 config.conf"

From OWASP
(Created page with '# The directives within this file can be included within # Virtual Host containers. # # Configuration contained in this file should be customized # for your specific requirements…')
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
# The directives within this file can be included within
+
The data within this conf file may be specified within Apache virtual host containers. The following ModSecurity directives are set within this file -
# Virtual Host containers.
+
 
#
+
SecRuleEngine
# Configuration contained in this file should be customized
+
SecRequestBodyAccess
# for your specific requirements before deployment.
+
SecResponseBodyAccess
#
+
SecResponseBodyMimeType
# Next to each rule there is a description of what it does. Each
+
SecResponseBodyLimit
# location where customization is needed is marked with "TODO". It
+
SecResponseBodyLimitAction
# is recommended that you:
+
SecDefaultAction
#
+
SecUploadDir
# 1) Keep a copy of the original file. This will allow you to use
+
SecUploadKeepFiles
#    the "diff" command to quickly see the changes. It will also
+
SecAuditEngine
#    make upgrades to future rule sets easier.
+
SecAuditLogRelevantStatus
#
+
SecAuditLogType
# 2) Document your changes thoroughly.
+
SecAuditLog
#
+
SecAuditLogParts
# You are advised to start with ModSecurity in detection mode only.
+
  SecCookieFormat
# Switch to protection when you are comfortable with your rule set.
+
SecRequestBodyInMemoryLimit
# For maximum protection monitor your logs on daily basis (or
+
SecDebugLog
# better).
+
SecDebugLogLevel
#
+
  SecTmpDir
 +
 
 +
See the [http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html | ModSecurity Reference Manual] for directive documentation.
 +
 
 +
{{:Key Project Information:OWASP ModSecurity Core Rule Set Project}}
 +
[[Category:OWASP Project]]
 +
[[Category:OWASP Document]]
 +
[[Category:OWASP Alpha Quality Document]]
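
Review bot: In the added "See the [http://... | ModSecurity Reference Manual]" line, the pipe between the URL and the label is internal-link syntax. MediaWiki external links separate the URL from the label with a space, so the "|" will render as literal text in front of the label; drop the pipe. The leading space before SecCookieFormat and SecTmpDir will render those two entries as preformatted blocks, unlike the rest of the list, so remove it. The replaced comment header also carried the deployment advice (keep a copy of the original file, document changes, start in detection mode and switch to protection later, monitor logs daily), while the new text lists directive names only; consider keeping that guidance alongside the list.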

Latest revision as of 16:11, 6 August 2009

The directives in this conf file may be specified within Apache virtual host containers. The following ModSecurity directives are set within this file:

SecRuleEngine
SecRequestBodyAccess
SecResponseBodyAccess
SecResponseBodyMimeType
SecResponseBodyLimit
SecResponseBodyLimitAction
SecDefaultAction
SecUploadDir
SecUploadKeepFiles
SecAuditEngine
SecAuditLogRelevantStatus
SecAuditLogType
SecAuditLog
SecAuditLogParts
SecCookieFormat
SecRequestBodyInMemoryLimit
SecDebugLog
SecDebugLogLevel
SecTmpDir

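See the ModSecurity Reference Manual (http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html) for directive documentation.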


PROJECT INFORMATION
Project Name OWASP ModSecurity Core Rule Set Project
Short Project Description

The purpose of this project is the documentation and development of the ModSecurity Core Rule Set. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the Core Rules are based on generic rules in order to provide protection from zero-day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.

Key Project Information

Project Leader
Ryan Barnett

Project Contributors
Brian Rectanus

License
GNU General Public License

Project Type
Document

Sponsor
Breach Security Labs

Release Status
Alpha Quality

Related Projects
ModSecurity-Open Source Web Application Firewall
OWASP Securing WebGoat using ModSecurity