trukhinyuri · February 20, 2014 10:47
diff --git a/gistfile1.txt b/gistfile1.txt
 #LoadModule security2_module modules/mod_security2.so

 <IfModule !mod_unique_id.c>
    #LoadModule unique_id_module modules/mod_unique_id.so
 </IfModule>
 <IfModule mod_security2.c>
    # ModSecurity Core Rules Set configuration
 	Include modsecurity.d/*.conf
 	Include modsecurity.d/activated_rules/*.conf
    
    # Default recommended configuration
    SecRuleEngine On
    SecRequestBodyAccess On
    SecRule REQUEST_HEADERS:Content-Type "text/xml" \
         "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
    SecRequestBodyLimit 13107200
    SecRequestBodyNoFilesLimit 131072
    SecRequestBodyInMemoryLimit 131072
    SecRequestBodyLimitAction Reject
    SecRule REQBODY_ERROR "!@eq 0" \
    "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
    SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
    "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
    failed strict validation: \
    PE %{REQBODY_PROCESSOR_ERROR}, \
    BQ %{MULTIPART_BOUNDARY_QUOTED}, \
    BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
    DB %{MULTIPART_DATA_BEFORE}, \
    DA %{MULTIPART_DATA_AFTER}, \
    HF %{MULTIPART_HEADER_FOLDING}, \
    LF %{MULTIPART_LF_LINE}, \
    SM %{MULTIPART_MISSING_SEMICOLON}, \
    IQ %{MULTIPART_INVALID_QUOTING}, \
    IP %{MULTIPART_INVALID_PART}, \
    IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
    FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

    SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
    "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"

    SecPcreMatchLimit 1000
    SecPcreMatchLimitRecursion 1000

    SecRule TX:/^MSC_/ "!@streq 0" \
            "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"

    SecResponseBodyAccess Off
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 0
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log
    SecArgumentSeparator &
    SecCookieFormat 0
    SecTmpDir /var/lib/mod_security
    SecDataDir /var/lib/mod_security
 </IfModule>
	#LoadModule security2_module modules/mod_security2.so

	<IfModule !mod_unique_id.c>
	#LoadModule unique_id_module modules/mod_unique_id.so
	</IfModule>
	<IfModule mod_security2.c>
	# ModSecurity Core Rules Set configuration
	Include modsecurity.d/*.conf
	Include modsecurity.d/activated_rules/*.conf

	# Default recommended configuration
	SecRuleEngine On
	SecRequestBodyAccess On
	SecRule REQUEST_HEADERS:Content-Type "text/xml" \
	"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
	SecRequestBodyLimit 13107200
	SecRequestBodyNoFilesLimit 131072
	SecRequestBodyInMemoryLimit 131072
	SecRequestBodyLimitAction Reject
	SecRule REQBODY_ERROR "!@eq 0" \
	"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
	SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
	"id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
	failed strict validation: \
	PE %{REQBODY_PROCESSOR_ERROR}, \
	BQ %{MULTIPART_BOUNDARY_QUOTED}, \
	BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
	DB %{MULTIPART_DATA_BEFORE}, \
	DA %{MULTIPART_DATA_AFTER}, \
	HF %{MULTIPART_HEADER_FOLDING}, \
	LF %{MULTIPART_LF_LINE}, \
	SM %{MULTIPART_MISSING_SEMICOLON}, \
	IQ %{MULTIPART_INVALID_QUOTING}, \
	IP %{MULTIPART_INVALID_PART}, \
	IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
	FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

	SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
	"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"

	SecPcreMatchLimit 1000
	SecPcreMatchLimitRecursion 1000

	SecRule TX:/^MSC_/ "!@streq 0" \
	"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"

	SecResponseBodyAccess Off
	SecDebugLog /var/log/httpd/modsec_debug.log
	SecDebugLogLevel 0
	SecAuditEngine RelevantOnly
	SecAuditLogRelevantStatus "^(?:5\|4(?!04))"
	SecAuditLogParts ABIJDEFHZ
	SecAuditLogType Serial
	SecAuditLog /var/log/httpd/modsec_audit.log
	SecArgumentSeparator &
	SecCookieFormat 0
	SecTmpDir /var/lib/mod_security
	SecDataDir /var/lib/mod_security
	</IfModule>