From f278315081b24b59bf73e9613e552e3519200a71 Mon Sep 17 00:00:00 2001
From: jsdelfino
Date: Mon, 28 May 2012 04:39:18 +0000
Subject: Improve error reporting with a reason code. Improve debug and audit logging. Fix test scripts to cleanup state from previous builds and correctly report test errors.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1343138 13f79535-47bb-0310-9956-ffa450edef68
---
 sca-cpp/trunk/modules/http/mod-security-conf | 21 ++++-----------------
 1 file changed, 4 insertions(+), 17 deletions(-)
(limited to 'sca-cpp/trunk/modules/http/mod-security-conf')
diff --git a/sca-cpp/trunk/modules/http/mod-security-conf b/sca-cpp/trunk/modules/http/mod-security-conf
index fdc4d8e24d..4d978a01cb 100755
--- a/sca-cpp/trunk/modules/http/mod-security-conf
+++ b/sca-cpp/trunk/modules/http/mod-security-conf
@@ -81,8 +81,8 @@ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
 SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
 # Avoid a potential RegEx DoS condition
-SecPcreMatchLimit 10000
-SecPcreMatchLimitRecursion 10000
+SecPcreMatchLimit 50000
+SecPcreMatchLimitRecursion 50000
 SecRule TX:/^MSC_/ "!@streq 0" "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
 # Detect slow DoS attacks
@@ -100,13 +100,6 @@ SecResponseBodyLimitAction ProcessPartial
 SecTmpDir $root/tmp/
 SecDataDir $root/tmp/
-# Enable mod-security audit log
-SecAuditEngine RelevantOnly
-SecAuditLogRelevantStatus "^(?:5|4(?!04))"
-SecAuditLogParts ABIJDEFHKZ
-SecAuditLogType Serial
-Include conf/mod-security-log.conf
-
 # Use & as application/x-www-form-urlencoded parameter separator
 SecArgumentSeparator &
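Review bot: The PCRE limits in the hunk at -81,8 go from 10000 to 50000 while the comment above them still says only "Avoid a potential RegEx DoS condition", so the reason for a fivefold looser bound is not recorded anywhere in the file. The next context line, `SecRule TX:/^MSC_/ "!@streq 0"` with `deny`, rejects a request whenever ModSecurity sets an internal-error flag, which as far as I know includes `MSC_PCRE_LIMITS_EXCEEDED`, so this value trades false denials against regex CPU time spent per request. I would extend the comment to something like `# Avoid a potential RegEx DoS condition; raised to 50000 because <request type> hit the limit and was denied by the TX:MSC_ rule below`, with the actual reason filled in.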
@@ -120,8 +113,8 @@ setvar:tx.critical_anomaly_score=5, \
 setvar:tx.error_anomaly_score=4, \
 setvar:tx.warning_anomaly_score=3, \
 setvar:tx.notice_anomaly_score=2"
-SecAction "phase:1,id:'981208',t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=5"
-SecAction "phase:1,id:'981209',t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=4"
+SecAction "phase:1,id:'981208',t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=10"
+SecAction "phase:1,id:'981209',t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=8"
 # Paranoid mode
 SecAction "phase:1,id:'981210',t:none,nolog,pass,setvar:tx.paranoid_mode=0"
@@ -186,12 +179,6 @@ Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_25_cc_known.conf
 Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_42_comment_spam.conf
 Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_47_skip_outbound_checks.conf
 Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_55_application_defects.conf
-EOF
-
-# Configure audit logging
-cat >$root/conf/mod-security-log.conf <
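Review bot: Raising `tx.inbound_anomaly_score_level` to 10 in the hunk at -120,8 puts the inbound threshold above `tx.critical_anomaly_score=5` (set in the SecAction visible in the hunk header, which starts outside the hunk), so one critical rule match on its own no longer reaches it. If the included CRS blocking rules compare the transaction score with this level (they are not shown here), a request that trips exactly one critical signature would at most be logged rather than denied; the outbound level is doubled to 8 in the same way. If the goal was to stop specific false positives, keeping 5 and 4 and excluding the offending rule is the narrower fix. Otherwise the choice should be recorded next to the two SecAction lines, e.g. `# Inbound threshold is twice the critical score: a single critical match alone does not block`.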