summaryrefslogtreecommitdiffstats
path: root/sca-cpp/trunk/modules/http/mod-security-conf
diff options
context:
space:
mode:
Diffstat (limited to 'sca-cpp/trunk/modules/http/mod-security-conf')
-rwxr-xr-xsca-cpp/trunk/modules/http/mod-security-conf21
1 files changed, 4 insertions, 17 deletions
diff --git a/sca-cpp/trunk/modules/http/mod-security-conf b/sca-cpp/trunk/modules/http/mod-security-conf
index fdc4d8e24d..4d978a01cb 100755
--- a/sca-cpp/trunk/modules/http/mod-security-conf
+++ b/sca-cpp/trunk/modules/http/mod-security-conf
@@ -81,8 +81,8 @@ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
# Avoid a potential RegEx DoS condition
-SecPcreMatchLimit 10000
-SecPcreMatchLimitRecursion 10000
+SecPcreMatchLimit 50000
+SecPcreMatchLimitRecursion 50000
SecRule TX:/^MSC_/ "!@streq 0" "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
# Detect slow DoS attacks
@@ -100,13 +100,6 @@ SecResponseBodyLimitAction ProcessPartial
SecTmpDir $root/tmp/
SecDataDir $root/tmp/
-# Enable mod-security audit log
-SecAuditEngine RelevantOnly
-SecAuditLogRelevantStatus "^(?:5|4(?!04))"
-SecAuditLogParts ABIJDEFHKZ
-SecAuditLogType Serial
-Include conf/mod-security-log.conf
-
# Use & as application/x-www-form-urlencoded parameter separator
SecArgumentSeparator &
@@ -120,8 +113,8 @@ setvar:tx.critical_anomaly_score=5, \
setvar:tx.error_anomaly_score=4, \
setvar:tx.warning_anomaly_score=3, \
setvar:tx.notice_anomaly_score=2"
-SecAction "phase:1,id:'981208',t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=5"
-SecAction "phase:1,id:'981209',t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=4"
+SecAction "phase:1,id:'981208',t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=10"
+SecAction "phase:1,id:'981209',t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=8"
# Paranoid mode
SecAction "phase:1,id:'981210',t:none,nolog,pass,setvar:tx.paranoid_mode=0"
@@ -186,12 +179,6 @@ Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_25_cc_known.conf
Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_42_comment_spam.conf
Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_47_skip_outbound_checks.conf
Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_55_application_defects.conf
-EOF
-
-# Configure audit logging
-cat >$root/conf/mod-security-log.conf <<EOF
-# Generated by: mod-security-conf $*
-SecAuditLog $root/logs/modsec_audit_log
EOF