Diffstat (limited to 'sca-cpp/trunk/modules/http/mod-security-conf')
-rwxr-xr-x | sca-cpp/trunk/modules/http/mod-security-conf | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/sca-cpp/trunk/modules/http/mod-security-conf b/sca-cpp/trunk/modules/http/mod-security-conf
index fdc4d8e24d..4d978a01cb 100755
--- a/sca-cpp/trunk/modules/http/mod-security-conf
+++ b/sca-cpp/trunk/modules/http/mod-security-conf
@@ -81,8 +81,8 @@ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
 SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
 
 # Avoid a potential RegEx DoS condition
-SecPcreMatchLimit 10000
-SecPcreMatchLimitRecursion 10000
+SecPcreMatchLimit 50000
+SecPcreMatchLimitRecursion 50000
 SecRule TX:/^MSC_/ "!@streq 0" "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
 
 # Detect slow DoS attacks
@@ -100,13 +100,6 @@ SecResponseBodyLimitAction ProcessPartial
 SecTmpDir $root/tmp/
 SecDataDir $root/tmp/
 
-# Enable mod-security audit log
-SecAuditEngine RelevantOnly
-SecAuditLogRelevantStatus "^(?:5|4(?!04))"
-SecAuditLogParts ABIJDEFHKZ
-SecAuditLogType Serial
-Include conf/mod-security-log.conf
-
 # Use & as application/x-www-form-urlencoded parameter separator
 SecArgumentSeparator &
 
@@ -120,8 +113,8 @@ setvar:tx.critical_anomaly_score=5, \
 setvar:tx.error_anomaly_score=4, \
 setvar:tx.warning_anomaly_score=3, \
 setvar:tx.notice_anomaly_score=2"
-SecAction "phase:1,id:'981208',t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=5"
-SecAction "phase:1,id:'981209',t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=4"
+SecAction "phase:1,id:'981208',t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=10"
+SecAction "phase:1,id:'981209',t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=8"
 
 # Paranoid mode
 SecAction "phase:1,id:'981210',t:none,nolog,pass,setvar:tx.paranoid_mode=0"
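Review bot: The five-fold increase on the `+SecPcreMatchLimit 50000` and `+SecPcreMatchLimitRecursion 50000` lines is not explained, and the `# Avoid a potential RegEx DoS condition` comment kept above them now understates the budget: every regex evaluation may do five times as much backtracking before PCRE aborts, so a pathological input costs proportionally more CPU per rule. Presumably the old limits were being exceeded on legitimate requests and tripping the `TX:/^MSC_/` deny rule just below; if that is the reason, the file should say so. Suggest replacing the comment with `# Bound RegEx backtracking (DoS guard); raised from 10000 because the lower limit tripped the MSC_ internal-error rule below on legitimate traffic - confirm`, adjusting the stated cause if it differs. The generated config block runs well beyond this hunk on both sides.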
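Review bot: Doubling the thresholds on the `+... inbound_anomaly_score_level=10` and `+... outbound_anomaly_score_level=8` lines changes what the anomaly-scoring mode blocks, and nothing records that: with `tx.critical_anomaly_score=5` (hunk header) and `tx.error_anomaly_score=4` (first context line), a single critical match met the old inbound level of 5 but does not reach 10, and a single critical outbound match no longer reaches 8, so at least two scoring rule matches are now needed before a request or response is denied. That is a deliberate sensitivity trade-off, presumably against false positives, and it belongs in the file next to the values. Suggest adding above the two lines: `# Anomaly thresholds doubled: a single critical (5) or error (4) match no longer blocks; two scoring matches are required`.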
@@ -186,12 +179,6 @@ Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_25_cc_known.conf
 Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_42_comment_spam.conf
 Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_47_skip_outbound_checks.conf
 Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_55_application_defects.conf
-EOF
-
-# Configure audit logging
-cat >$root/conf/mod-security-log.conf <<EOF
-# Generated by: mod-security-conf $*
-SecAuditLog $root/logs/modsec_audit_log
 EOF