This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Modsecurity crs 10 config.conf

From OWASP
Revision as of 16:04, 6 August 2009 by Rcbarnett (talk | contribs) (Created page with '# The directives within this file can be included within # Virtual Host containers. # # Configuration contained in this file should be customized # for your specific requirements…')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
  1. The directives within this file can be included within
  2. Virtual Host containers.
  4. Configuration contained in this file should be customized
  5. for your specific requirements before deployment.
  7. Next to each rule there is a description of what it does. Each
  8. location where customization is needed is marked with "TODO". It
  9. is recommended that you:
  11. 1) Keep a copy of the original file. This will allow you to use
  12. the "diff" command to quickly see the changes. It will also
  13. make upgrades to future rule sets easier.
  15. 2) Document your changes thoroughly.
  17. You are advised to start with ModSecurity in detection mode only.
  18. Switch to protection when you are comfortable with your rule set.
  19. For maximum protection monitor your logs on daily basis (or
  20. better).
Retrieved from "https://wiki.owasp.org/index.php?title=Modsecurity_crs_10_config.conf&oldid=67346"