+++ /dev/null
-<IfModule mod_security2.c>
- # ModSecurity Core Rules Set configuration
-<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%>
- IncludeOptional <%= @modsec_dir %>/*.conf
- IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf
-<%- else -%>
- Include <%= @modsec_dir %>/*.conf
- Include <%= @modsec_dir %>/activated_rules/*.conf
-<%- end -%>
-
- # Default recommended configuration
- SecRuleEngine On
- SecRequestBodyAccess On
- SecRule REQUEST_HEADERS:Content-Type "text/xml" \
- "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
- SecRequestBodyLimit 13107200
- SecRequestBodyNoFilesLimit 131072
- SecRequestBodyInMemoryLimit 131072
- SecRequestBodyLimitAction Reject
- SecRule REQBODY_ERROR "!@eq 0" \
- "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
- SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
- "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \
- PE %{REQBODY_PROCESSOR_ERROR}, \
- BQ %{MULTIPART_BOUNDARY_QUOTED}, \
- BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
- DB %{MULTIPART_DATA_BEFORE}, \
- DA %{MULTIPART_DATA_AFTER}, \
- HF %{MULTIPART_HEADER_FOLDING}, \
- LF %{MULTIPART_LF_LINE}, \
- SM %{MULTIPART_MISSING_SEMICOLON}, \
- IQ %{MULTIPART_INVALID_QUOTING}, \
- IP %{MULTIPART_INVALID_PART}, \
- IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
- FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
-
- SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
- "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
-
- SecPcreMatchLimit 1000
- SecPcreMatchLimitRecursion 1000
-
- SecRule TX:/^MSC_/ "!@streq 0" \
- "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
-
- SecResponseBodyAccess Off
- SecResponseBodyMimeType text/plain text/html text/xml
- SecResponseBodyLimit 524288
- SecResponseBodyLimitAction ProcessPartial
- SecDebugLogLevel 0
- SecAuditEngine RelevantOnly
- SecAuditLogRelevantStatus "^(?:5|4(?!04))"
- SecAuditLogParts ABIJDEFHZ
- SecAuditLogType Serial
- SecArgumentSeparator &
- SecCookieFormat 0
-<%- if scope.lookupvar('::osfamily') == 'Debian' -%>
- SecDebugLog /var/log/apache2/modsec_debug.log
- SecAuditLog /var/log/apache2/modsec_audit.log
- SecTmpDir /var/cache/modsecurity
- SecDataDir /var/cache/modsecurity
-<% else -%>
- SecDebugLog /var/log/httpd/modsec_debug.log
- SecAuditLog /var/log/httpd/modsec_audit.log
- SecTmpDir /var/lib/mod_security
- SecDataDir /var/lib/mod_security
-<% end -%>
-</IfModule>