ALT Linux Bugzilla
– Attachment 1271 Details for
Bug 8583
[FR] initial configuration template
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
sample mod_security configuration
modsec.conf (text/plain), 1.94 KB, created by
Michael Shigorin
on 2005-12-02 14:55:32 MSK
(
hide
)
Description:
sample mod_security configuration
Filename:
MIME Type:
Creator:
Michael Shigorin
Created:
2005-12-02 14:55:32 MSK
Size:
1.94 KB
patch
obsolete
><IfModule mod_security.c> > > # Only inspect dynamic requests > # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED) > SecFilterEngine DynamicOnly > > # Reject requests with status 403 > SecFilterDefaultAction "deny,log,status:403" > > # Some sane defaults > SecFilterScanPOST On > SecFilterCheckURLEncoding On > SecFilterCheckCookieFormat On > SecFilterCheckUnicodeEncoding Off > > # Accept almost all byte values > SecFilterForceByteRange 1 255 > > #SecFilterSelective "QUERY_STRING" "wget" "deny,log,status:403" > SecFilterSelective "QUERY_STRING" "cmd=wget" "deny,log,status:403" > SecFilterSelective "QUERY_STRING" ";wget" "deny,log,status:403" > SecFilterSelective "QUERY_STRING" "wget " "deny,log,status:403" > SecFilterSelective "QUERY_STRING" " wget" "deny,log,status:403" > > # phpbb2 (and friends?) remote code exec > SecFilterSelective ARG_highlight "(\x27|%27|\x2527|%2527)" > SecFilterSelective THE_REQUEST "\x27|%27|\x2527|%2527" > > # Server masking is optional > # SecServerSignature "Apache" > > #SecUploadDir /tmp > #SecUploadKeepFiles Off > > # Only record the interesting stuff > SecAuditEngine RelevantOnly > SecAuditLog logs/audit_log > > # You normally won't need debug logging > SecFilterDebugLevel 0 > SecFilterDebugLog logs/modsec_debug_log > > # Only accept request encodings we know how to handle > # we exclude GET requests from this because some (automated) > # clients supply "text/html" as Content-Type > SecFilterSelective REQUEST_METHOD "!^GET$" chain > SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" > > # Require Content-Length to be provided with > # every POST request > SecFilterSelective REQUEST_METHOD "^POST$" chain > SecFilterSelective HTTP_Content-Length "^$" > > # Don't accept transfer encodings we know we don't handle > # (and you don't need it anyway) > SecFilterSelective HTTP_Transfer-Encoding "!^$" > ></IfModule> >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1271">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 8583
: 1271
