<IfDefine HAVE_SECURITY> <IfModule !mod_security.c> LoadModule security_module extramodules/mod_security.so </IfModule> </IfDefine> <IfModule mod_security.c> # Basic configuration options # SecAuditEngine - On, Off or RelevantOnly to determine the level of audit logging SecRuleEngine On # SecRequestBodyAccess - On or Off SecRequestBodyAccess On # SecResponseBodyAccess - On or Off SecResponseBodyAccess Off # Handling of file uploads # TODO Choose a folder private to Apache. # SecUploadDir /opt/apache-frontend/tmp/ SecUploadKeepFiles Off # Debug log # SecDebugLog - path to the debug log file SecDebugLog logs/modsec_debug.log # SecDebugLogLevel - debug log level, which controls the verbosity of # logging. Use values from 0 (no logging) to 9 (a *lot* of logging). SecDebugLogLevel 0 # Serial audit log SecAuditEngine RelevantOnly # SecAuditLogRelevantStatus - regular expression that will be used to # determine if the response status is relevant for audit logging SecAuditLogRelevantStatus ^5 # SecAuditLogStorageDir - path to the audit log storage area; absolute, # or relative to the root of the server # SecAuditLogParts - list of audit log parts that go into the log. SecAuditLogParts ABIFHZ # SecAuditLogType - whether to use the old audit log format (Serial) or new (Concurrent) SecAuditLogType Serial # SecAuditLog - The filename of the audit log file SecAuditLog logs/modsec_audit.log # SecRequestBodyLimit - maximum request body size ModSecurity is # allowed to access. SecRequestBodyLimit 131072 # SecRequestBodyInMemoryLimit - maximum request body size that will # be placed in memory (except for POST urlencoded requests). # Store up to 128 KB in memory SecRequestBodyInMemoryLimit 131072 # Buffer response bodies of up to # 512 KB in length SecResponseBodyLimit 524288 # SecAction - # SecArgumentSeparator - character that will be used as separator when # parsing application/x-www-form-urlencoded content. # SecChrootDir - Path of the directory to which server will be chrooted # SecCookieFormat - version of the Cookie specification to use for # parsing. Possible values are 0 and 1. # SecDataDir - # SecDefaultAction - # SecDefaultTransformation - # SecGuardianLog - The filename of the filter debugging log file # SecResponseBodyMimeType - adds given MIME types to the list of types # that will be buffered on output # SecResponseBodyMimeTypesClear - clears the list of MIME types that will # be buffered on output # SecRule - # SecRuleEngine - On or Off # SecRuleInheritance - On or Off # SecRuleRemoveById - # SecRuleRemoveByMsg - # SecServerSignature - The new signature of the server # SecTmpDir - # SecWebAppId - # include the core rules..., beware! #Include conf/modsecurity/*.conf </IfModule>