<IfModule mod_security.c>
# Turn the filtering engine On or Off
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Only allow bytes from this range
SecFilterForceByteRange 32 126
# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/apache/audit.log
SecFilterDebugLog /var/log/apache/modsec_debug.log
# Should mod_security inspect POST payloads
# Action to take by default
SecFilterDefaultAction "deny,log,status:500"
# Redirect user on filter match
SecFilter xxx redirect:http://127.0.0.1
# Execute the external script on filter match
SecFilter yyy log,exec:/usr/share/mod-security/report-attack.pl
# Only check the QUERY_STRING variable
SecFilterSelective QUERY_STRING 222
# Only check the body of the POST request
SecFilterSelective POST_PAYLOAD 333
# Only check arguments (will work for GET and POST)
SecFilterSelective ARGS 444
SecFilter "/cgi-bin/modsec-test.pl/keyword"
# Another test filter, will be denied with 404 but not logged
# an action supplied as a parameter overrides the default action
SecFilter 999 "deny,nolog,status:500"
# Prevent OS-specific keywords
# Prevent path traversal (..) attacks
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS attacks (HTML/JavaScript injection)
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
# Only watch argument p1
SecFilterSelective "ARG_p1" 555
# Watch all arguments except p1
SecFilterSelective "ARGS|!ARG_p2" 666
# Only allow our own test utility to send requests (or Mozilla)
SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
# Do not allow variables with this name
SecFilterSelective ARGS_NAMES 777
# Do not allow this variable value (names are ok)
SecFilterSelective ARGS_VALUES 888
# Test for a POST variable parsing bug, see test #41
SecFilterSelective ARG_p2 AAA
# Stop spamming through FormMail
# note the exclamation mark at the beginning
# of the filter - only requests that match this regex will
<Location /cgi-bin/FormMail>
SecFilterSelective "ARG_recipient" "!@webkreator.com$"
# When allowing uploads, only allow images
# Note that this is not foolproof: a determined attacker
# could get around this check
<Location /fileupload.php>
SecFilterInheritance Off
SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"