Changes - j0ke.net Open Build Service

Difference Between Revision 4 and internetx:managed:testing / mod_security

[-] [+]	Deleted	mod_security-ix.changes
@@ -1,134 +0,0 @@ -------------------------------------------------------------------- -Wed Jan 11 06:34:21 UTC 2023 - Carsten Schoene <carsten.schoene@internetx.com> - -- Update to release 2.9.7 - -------------------------------------------------------------------- -Thu Mar 17 10:30:16 UTC 2022 - Local OBS User <cs@linux-administrator.com> - -- Update to release 2.9.5 - -------------------------------------------------------------------- -Mon Aug 23 11:39:54 UTC 2021 - Local OBS User <cs@linux-administrator.com> - -- Update to release 2.9.4 - -------------------------------------------------------------------- -Wed Feb 5 09:52:49 UTC 2020 - Local OBS User <cs@linux-administrator.com> - -- Update to release 2.9.3 - -------------------------------------------------------------------- -Wed May 16 06:44:59 UTC 2018 - cs@linux-administrator.com - -- Update to release 2.9.2 - -------------------------------------------------------------------- -Thu Apr 9 09:26:32 UTC 2015 - cs@linux-administrator.com - -- Update to relesae 2.9.0 -- set PERL ENV var to /usr/bin/perl -- drop mlogc-disable-force-sslv3.patch (TLSv1 is default now) - -------------------------------------------------------------------- -Fri Aug 8 17:29:19 UTC 2014 - cs@linux-administrator.com - -- Update to release 2.8.0 - -------------------------------------------------------------------- -Sun Jan 5 16:20:52 UTC 2014 - cs@linux-administrator.com - -- enable --enable-htaccess-config - -------------------------------------------------------------------- -Thu Dec 19 23:23:46 UTC 2013 - cs@linux-administrator.com - -- Update to release 2.7.7 - -------------------------------------------------------------------- -Tue Jul 30 17:01:30 UTC 2013 - cs@linux-administrator.com - -- Update to release 2.7.5 - -------------------------------------------------------------------- -Thu Jul 11 19:33:18 UTC 2013 - cs@linux-administrator.com - -- build against asl-libxml2 for EL5 based systems - -------------------------------------------------------------------- -Sat Jun 29 17:00:16 UTC 2013 - cs@linux-administrator.com - -- added CVE-2013-2765.patch for 2.6.8 (included in 2.7.4) - -------------------------------------------------------------------- -Wed Jun 5 10:16:47 UTC 2013 - cs@linux-administrator.com - -- fix permissions in cleanup cron script - -------------------------------------------------------------------- -Mon May 27 17:02:32 UTC 2013 - cs@linux-administrator.com - -- Update to release 2.7.4 (only for >= SLE_11, >= EL6) - -------------------------------------------------------------------- -Fri Mar 29 17:31:45 UTC 2013 - cs@linux-administrator.com - -- Update to release 2.7.3 (only for >= SLE_11, >= EL6) - -------------------------------------------------------------------- -Fri Jan 25 20:10:39 UTC 2013 - cs@linux-administrator.com - -- Update to release 2.7.2 (only for >= SLE_11, >= EL6) - -------------------------------------------------------------------- -Sat Dec 29 10:33:37 UTC 2012 - cs@linux-administrator.com - -- Update to release 2.7.1 (only for >= SLE_11, >= EL6) - -------------------------------------------------------------------- -Wed Oct 3 08:10:36 UTC 2012 - cs@linux-administrator.com - -- Update to release 2.6.8 - -------------------------------------------------------------------- -Sun Jul 29 15:58:38 UTC 2012 - cs@linux-administrator.com - -- Update to release 2.6.7 - -------------------------------------------------------------------- -Wed Jul 18 07:05:49 UTC 2012 - cs@linux-administrator.com - -- disable Rule 340152 - -------------------------------------------------------------------- -Tue Jul 3 08:30:53 UTC 2012 - cs@linux-administrator.com - -- disable Cross-Site Request Forgery (CSRF) rules -- add cleanup cron for /var/asl/data/audit - -------------------------------------------------------------------- -Mon Jun 18 10:21:17 UTC 2012 - cs@linux-administrator.com - -- Update to release 2.6.6 - - added rule 391213 to default exclude list - -------------------------------------------------------------------- -Thu Mar 29 21:43:48 UTC 2012 - cs@linux-administrator.com - -- Update to release 2.6.5 - -------------------------------------------------------------------- -Sat Jan 7 21:44:12 UTC 2012 - cs@linux-administrator.com - -- Update to release 2.6.3 - -------------------------------------------------------------------- -Sun Oct 23 09:49:21 UTC 2011 - cs@linux-administrator.com - -- Update to release 2.6.2 - -------------------------------------------------------------------- -Fri Jul 22 07:10:30 UTC 2011 - cs@linux-administrator.com - -- Update to release 2.6.1 -
[-] [+]	Changed	mod_security-ix.spec ^
@@ -1,203 +1,80 @@ -%define aslxml 1 -%define pkgname modsecurity- Summary: Security module for the Apache HTTP Server Name: mod_security -%if 0%{?centos_version} >= 6 \|\| 0%{?rhel_version} >= 600 \|\| 0%{?sl_version} >= 600 \|\| 0%{?suse_version} >= 1110 \|\| 0%{?sles_version} >= 11 -%define pkgversion 2.9.7 -%define oldver 0 -%define _aslxml 0 -%define epoch 1 -BuildRequires: libxml2-devel -%else -%if %{aslxml} -%define pkgversion 2.9.7 -%define oldver 0 -%define _aslxml 1 -%define epoch 1 -BuildRequires: asl-libxml2-devel -%else -%define pkgversion 2.6.8 -%define pkgname modsecurity-apache_ -%define oldver 1 -%define _aslxml 0 -%define epoch 0 -BuildRequires: libxml2-devel -%endif -%endif -Version: %{pkgversion} -Epoch: %{epoch} -Release: 35 +Version: 2.5.13 +Release: 17 License: GPLv2 URL: http://www.modsecurity.org/ Group: System Environment/Daemons -Source: http://www.modsecurity.org/download/%{pkgname}%{version}.tar.bz2 -%if 0%{?rhel_version} \|\| 0%{?centos_version} \|\| 0%{?sl_version} \|\| 0%{?redhat_version} +Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz Source1: 00_mod_security.conf -Source2: modsecurity_crs_10_config-default.conf -%endif -%if 0%{?suse_version} -Source1: 00_mod_security.conf.suse -Source2: modsecurity_crs_10_config-default.conf.suse -%endif -Source3: zzz_asl_custom_exclude.conf -Source4: zzz_asl_custom_local_exclude.conf -Source5: modsec-clamscan.pl -Source6: modsec-clean_var-asl-data-audit +Source2: modsecurity_crs_10_config-default.conf +Source3: 00_asl_custom_exclude.conf Patch1: waf-label.patch -Patch2: modsecurity-2.9.1_curl-lower_7.34.patch -Patch50: CVE-2013-2765.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -%if 0%{?rhel_version} \|\| 0%{?centos_version} \|\| 0%{?sl_version} \|\| 0%{?redhat_version} Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn \|\| echo missing) -BuildRequires: httpd-devel pkgconfig lua-devel -Requires: lua -%if 0%{?rhel} >= 7 -%define apxs %{_bindir}/apxs -%else -%define apxs %{_sbindir}/apxs -%endif -%define apache_libexecdir %(%{apxs} -q LIBEXECDIR) -##%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR) -%define apache_sysconfdir /etc/httpd -%define apache_usr apache -%define apache_grp apache -%endif -%if 0%{?suse_version} -BuildRequires: apache2-devel apache2-prefork pkg-config openldap2-devel -BuildRequires: -post-build-checks -%if 0%{?suse_version} >= 1100 -BuildRequires: lua-devel -%endif -%define apxs %{_sbindir}/apxs2 -%define apache_libexecdir %(%{apxs} -q LIBEXECDIR) -%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR) -%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)/MMN; test -x $MMN && $MMN) -%define apache_usr wwwrun -%define apache_grp www -Requires: apache2 %{apache_mmn} -Obsoletes: apache2-mod_security2 -Provides: apache2-mod_security2 = %{version} -%endif - -BuildRequires: pcre-devel libtool curl-devel +#Requires: asl +BuildRequires: httpd-devel libxml2-devel pcre-devel libtool pkgconfig curl-devel BuildRequires: curl +BuildRequires: lua-devel -BuildRequires: autoconf automake -Requires: libxml2 pcre +Requires: libxml2 pcre lua Provides: ix-mod_security = %{version} + %description ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks. %prep -%setup -n %{pkgname}%{version} +%setup -n modsecurity-apache_%{version} %patch1 -p1 -%patch2 -p0 -%if 0%{?oldver} == 1 -%patch50 -p1 -%endif %build CFLAGS="%{optflags}" export CFLAGS -export PERL=/usr/bin/perl - -[ ! -f configure ] && ./autogen.sh +cd apache2 %configure \ -%if 0%{_aslxml} == 1 - --with-libxml=/var/asl/usr/ \ -%endif - --enable-pcre-match-limit=no \ - --enable-pcre-match-limit-recursion=no \ - --enable-pcre-study \ - --enable-htaccess-config + --disable-pcre-match-limit \ + --disable-pcre-match-limit-recursion -make %{_smp_mflags} +# Legacy from LoadFile +#perl -pi.orig -e 's\|LIBDIR\|%{_libdir}\|;' %{SOURCE1} -cd mlogc -make %{_smp_mflags} +make %{_smp_mflags} %install rm -rf %{buildroot} -mkdir -p %{buildroot}/%{apache_sysconfdir}/modsecurity.d/ -mkdir -p %{buildroot}/%{apache_sysconfdir}/conf.d/ +mkdir -p %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ +mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/ mkdir -p %{buildroot}/var/asl/data/suspicious mkdir -p %{buildroot}/var/asl/data/msa mkdir -p %{buildroot}/var/asl/data/audit -install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{apache_libexecdir}/mod_security2.so -install -D -m644 %{SOURCE1} %{buildroot}/%{apache_sysconfdir}/conf.d/00_mod_security.conf -install -D -m644 %{SOURCE2} %{buildroot}/%{apache_sysconfdir}/modsecurity.d/modsecurity_crs_10_config.conf -install -D -m644 %{SOURCE3} %{buildroot}/%{apache_sysconfdir}/modsec/zzz_asl_custom_exclude.conf -install -D -m644 %{SOURCE4} %{buildroot}/%{apache_sysconfdir}/modsec/zzz_asl_custom_local_exclude.conf -install -D -m755 %{SOURCE5} %{buildroot}%{_bindir}/modsec-clamscan.pl -install -D -m755 %{SOURCE6} %{buildroot}%{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit -sed -i s@"%APAUSR%:%APAGRP%"@"%{apache_usr}:%{apache_grp}"@g %{buildroot}%{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit - -mkdir -p %{buildroot}/var/log/mlogc/data -install -D -m755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc -install -m755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load.pl -install -m644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf -install -m644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc-default.conf -%if 0%{?suse_version} -sed -i s@"^LoadModule"@"#LoadModule"@g %{buildroot}/%{apache_sysconfdir}/conf.d/00_mod_security.conf -%endif +install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{_libdir}/httpd/modules/mod_security2.so +install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/00_mod_security.conf +install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/modsecurity_crs_10_config.conf +install -D -m644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/httpd/modsec/00_asl_custom_exclude.conf %clean rm -rf %{buildroot} -%post -[ -x /usr/local/bin/modsec-permissions ] && /usr/local/bin/modsec-permissions \|\| : - %files %defattr (-,root,root) %doc CHANGES LICENSE README.* modsecurity* doc -%{apache_libexecdir}/mod_security2.so -%{_bindir}/modsec-clamscan.pl -%{_bindir}/mlogc -%{_bindir}/mlogc-batch-load.pl -%config %{apache_sysconfdir}/conf.d/00_mod_security.conf -%dir %{apache_sysconfdir}/modsecurity.d -%config(noreplace) %{apache_sysconfdir}/modsecurity.d/modsecurity_crs_10_config.conf -%dir %{apache_sysconfdir}/modsec -%config %{apache_sysconfdir}/modsec/zzz_asl_custom_exclude.conf -%config(noreplace) %{apache_sysconfdir}/modsec/zzz_asl_custom_local_exclude.conf -%config(noreplace) %{_sysconfdir}/mlogc.conf -%config %{_sysconfdir}/mlogc-default.conf -%config %{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit -%defattr(-,%{apache_usr},%{apache_grp}) +%{_libdir}/httpd/modules/mod_security2.so +%config %{_sysconfdir}/httpd/conf.d/00_mod_security.conf +%dir %{_sysconfdir}/httpd/modsecurity.d +%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/modsecurity_crs_10_config.conf +%config(noreplace) %{_sysconfdir}/httpd/modsec/00_asl_custom_exclude.conf +%defattr(-,apache,apache)
[-] [+]	Deleted	CVE-2013-2765.patch ^
@@ -1,10 +0,0 @@ ---- modsecurity-apache_2.6.8/apache2/msc_reqbody.c.orig 2013-06-29 18:56:31.446864803 +0200 -+++ modsecurity-apache_2.6.8/apache2/msc_reqbody.c 2013-06-29 18:56:45.354863561 +0200 -@@ -170,6 +170,7 @@ - - /* Would storing this chunk mean going over the limit? / - if ((msr->msc_reqbody_spilltodisk) -+ && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON) - && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit)) - { - msc_data_chunk *chunks;
[-] [+]	Deleted	mlogc-disable-force-sslv3.patch ^
@@ -1,11 +0,0 @@ ---- mlogc/mlogc.c.orig 2012-03-05 17:20:00.254555490 +0100 -+++ mlogc/mlogc.c 2012-03-05 17:20:10.430753985 +0100 -@@ -1214,7 +1214,7 @@ - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); - /* SSLv3 works better overall as some servers have issues with TLS / -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); -+ / curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); */ - curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15); - curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE); - curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
[-] [+]	Deleted	modsecurity-2.9.1_curl-lower_7.34.patch ^
@@ -1,60 +0,0 @@ ---- mlogc/mlogc.c.orig 2016-06-02 09:15:03.283648355 +0200 -+++ mlogc/mlogc.c 2016-06-02 10:59:44.378377602 +0200 -@@ -1270,33 +1270,36 @@ - } - - -- /* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl -- * < v7.34.0 -- * -- * version_num is a 24 bit number created like this: -- * <8 bits major number> \| <8 bits minor number> \| <8 bits patch number>. -- / -- switch (tlsprotocol) { -- case 0: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); -- break; -- case 1: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); -- break; -- case 2: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -- break; -- default: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -- break; -- } - cmaj = curlversion->version_num >> 16; - cmin = (curlversion->version_num & 0x00ff00) >> 8; - cpat = (curlversion->version_num & 0x0000ff); - / If cURL version < v7.34.0, use TLS v1.x / - if (cmaj <= 7 && cmin < 34) { - curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); -- } -+#ifdef CURL_SSLVERSION_TLSv1_0 -+ } else { -+ / Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl -+ * < v7.34.0 -+ * -+ * version_num is a 24 bit number created like this: -+ * <8 bits major number> \| <8 bits minor number> \| <8 bits patch number>. -+ */ -+ switch (tlsprotocol) { -+ case 0: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); -+ break; -+ case 1: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); -+ break; -+ case 2: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -+ break; -+ default: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -+ break; -+ } -+#endif -+ } - - curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15); - curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE);
[-] [+]	Added	00_asl_custom_exclude.conf ^
@@ -0,0 +1 @@ +SecRuleRemoveById 350000
[-] [+]	Deleted	00_mod_security.conf.suse ^
@@ -1,18 +0,0 @@ -# Example configuration file for the mod_security Apache module - -#LoadModule security2_module modules/mod_security2.so -#LoadModule unique_id_module modules/mod_unique_id.so -# run: -# a2enmod unique_id -# a2enmod security2 - -<IfModule mod_security2.c> - # This is the ModSecurity Core Rules Set. - - # Basic configuration goes in here - Include /etc/apache2/modsecurity.d/modsecurity_crs_10_config.conf - - # Rule management is handled by ASL - Include /etc/apache2/modsec/asl.conf - -</IfModule>
[-] [+]	Deleted	modsec-clamscan.pl ^
@@ -1,50 +0,0 @@ -#!/usr/bin/perl -# -# modsec-clamscan.pl -# ModSecurity for Apache (http://www.modsecurity.org) -# Copyright (c) 2002-2007 Breach Security, Inc. (http://www.breach.com) -# -# This script is an interface between mod_security and its -# ability to intercept files being uploaded through the -# web server, and ClamAV - -# by default use the command-line version of ClamAV, -# which is slower but more likely to work out of the -# box -$CLAMSCAN = "/usr/bin/clamscan"; - -# using ClamAV in daemon mode is faster since the -# anti-virus engine is already running, but you also -# need to configure file permissions to allow ClamAV, -# usually running as a user other than the one Apache -# is running as, to access the files -# $CLAMSCAN = "/usr/bin/clamdscan"; - -if (@ARGV != 1) { - print "Usage: modsec-clamscan.pl <filename>\n"; - exit; -} - -my ($FILE) = @ARGV; - -$cmd = "$CLAMSCAN --stdout --no-summary $FILE"; -$input = `$cmd`; -$input =~ m/^(.+)/; -$error_message = $1; - -$output = "0 Unable to parse clamscan output [$1]"; - -if ($error_message =~ m/: Empty file\.?$/) { - $output = "1 empty file"; -} -elsif ($error_message =~ m/: (.+) ERROR$/) { - $output = "0 clamscan: $1"; -} -elsif ($error_message =~ m/: (.+) FOUND$/) { - $output = "0 clamscan: $1"; -} -elsif ($error_message =~ m/: OK$/) { - $output = "1 clamscan: OK"; -} - -print "$output\n";
[-] [+]	Deleted	modsec-clean_var-asl-data-audit ^
@@ -1,5 +0,0 @@ -#!/bin/bash -nice -n 19 find /var/asl/data/audit -type d -mindepth 1 -cmin +30 -print0 \| xargs -r -0 rm -rf -mkdir -p /var/asl/data/audit -chown -R %APAUSR%:%APAGRP% /var/asl/data/audit -[ -x /usr/local/bin/modsec-permissions ] && /usr/local/bin/modsec-permissions \|\| :
	Deleted	modsecurity-2.8.0.tar.bz2 ^
	Deleted	modsecurity-2.9.0.tar.bz2 ^
	Deleted	modsecurity-2.9.2.tar.bz2 ^
	Deleted	modsecurity-2.9.3.tar.bz2 ^
	Deleted	modsecurity-2.9.4.tar.bz2 ^
	Deleted	modsecurity-2.9.5.tar.bz2 ^
	Deleted	modsecurity-2.9.7.tar.bz2 ^
	Changed	modsecurity-apache_2.5.13.tar.gz ^
	Deleted	modsecurity-apache_2.7.4.tar.bz2 ^
	Deleted	modsecurity-apache_2.7.5.tar.bz2 ^
	Deleted	modsecurity-apache_2.7.7.tar.bz2 ^
[-] [+]	Deleted	modsecurity_crs_10_config-default.conf.suse ^
@@ -1,302 +0,0 @@ -# --------------------------------------------------------------- -# Core ModSecurity Rule Set ver.1.6.1 -# Copyright (C) 2006-2007 Breach Security Inc. All rights reserved. -# -# The ModSecuirty Core Rule Set is distributed under GPL version 2 -# Please see the enclosed LICENCE file for full details. -# --------------------------------------------------------------- - - -# Configuration contained in this file should be customized -# for your specific requirements before deployment. -# -# Next to each rule there is a description of what it does. Each -# location where customization is needed is marked with "TODO". It -# is recommended that you: -# -# 1) Keep a copy of the original file. This will allow you to use -# the "diff" command to quickly see the changes. It will also -# make upgrades to future rule sets easier. -# -# 2) Document your changes thoroughly. -# -# You are advised to start with ModSecurity in detection mode only. -# Switch to protection when you are comfortable with your rule set. -# For maximum protection monitor your logs on daily basis (or -# better). -# - -# TODO You may want to provide an error friendly message to your -# users when you start rejecting requests. You can do this using -# the Apache ErrorDocument directive. You should also add -# mod_unique_id to your configuration and display the unique -# request ID on the error page. This would allow your users to -# report the request ID back to you so that you can investigate -# the false positive (if that's what it is). A nice error page -# usually reduces the impact of false positives on the users. -# -# The drawback of this user friendly approach is that it is -# easier for the attackers to figure out there is an web -# application firewall protecting the application. -# -# ErrorDocument 403 /path/to/error_document.php -# -# For more information see -# http://httpd.apache.org/docs-2.0/custom-error.html - - -## -- Configuration ---------------------------------------------------------- - -# Turn ModSecurity on ("On"), set to monitoring only -# ("DetectionOnly") or turn off ("Off"). -# -SecRuleEngine On - -# Define which part of the HTTP transaction to inspect. -# -# Inspecting request body (SecRequestBodyAccess) should probably be always set -# to "on". Only very high volume sites that never use POST requests might want -# to set it to "off" to optimize performance. -# -# Inspecting response body is useful for monitoring for information leaks, -# or for signs of intrusion. However, it does require all responses to be -# buffered in memory. For most sites this should not be a problem, but special -# care must be taken to avoid buffering file downloads (through -# MIME type selection, as shown below). -# -# TODO If you decide to enable output filtering make sure to -# review the list of scanned MIME types. If pages of the types specified -# for outbound inspection are smaller than 512K in you application -# (which is usually the case) you may reduce the SecResponseBodyLimit -# to protect from potential denial of service attacks. -# -SecRequestBodyAccess On -SecResponseBodyAccess On -SecResponseBodyMimeType (null) text/html text/plain text/xml -SecResponseBodyLimit 2621440 - - -# Initiate XML Processor in case of xml content-type -# -# TODO Uncomment this rule if you wish to parse -# text/xml requests using the XML parser. Note -# that this may cause considerable overhead in processing -# text/xml requests. -#SecRule REQUEST_HEADERS:Content-Type "text/xml" \ -#"phase:1,pass,nolog,ctl:requestBodyProcessor=XML" - - -# What to do when an error is encountered. -# -# The default is to log the error and let the request go through. -# This is a reasonable setting to start with because you do not -# want to reject legitimate requests with an untuned rule set. -# -# If, after monitoring the performance of the rule set after a -# sufficient period, you determine the rules never (or rarely -# trigger on legitimate requests) you can change to something -# else, such as "log,deny,status:403". You can also leave the -# default setting here as is, but use per rule action configuration -# to only configure some rules to reject requests, leaving most -# of them to work in detection mode. -# -#SecDefaultAction "phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace" - -# Set web server identification string -# -# TODO In case you use Apache, you may want specify a simple server signature -# instead of the detailed Apache default signature that list most modules -# used on the specific Apache deployment: -# "Apache/2.2.0 (Fedora)" -# For this directive to work, you need to set Apache ServerTokens -# to Full (this is the default option) -SecServerSignature Apache - -# Add ruleset identity to the logs -# -SecComponentSignature 201001071602 - -## -- File uploads configuration ----------------------------------------------- -# Temporary file storage path. -# -# TODO Change the temporary folder setting to a path where only -# the web server has access. -# -SecUploadDir /var/asl/data/suspicious - -# Whether or not to keep the stored files. -# -# In most cases you don't want to keep the uploaded files (especially -# when there is a lot of them). It may be useful to change the setting -# to "RelevantOnly", in which case the files uploaded in suspicious -# requests will be stored. -# -SecUploadKeepFiles Off - -# Inspect uploaded files. -# -# TODO If there is a danger of attack through uploaded files then it -# is possible to configure an external script to inspect each file -# before it is seen by the application. An example script is -# included with ModSecurity (/util/modsec-clamscan.pl). -# -# Inspecting uploaded files is especially important in a hosting, -# community or blogging environments where uploading files is permitted. -# -# NOTE the t:none action is required in order not to process the files names -# passed to the script based on previously defined actions in a -# SecDefaultAction directive. -# -# SecRule FILES_TMPNAMES "@inspectFile /opt/apache/bin/inspect_script.pl" \ -# "t:none" - -## -- Logging ---------------------------------------------------------------- - -# Whether to log requests to the ModSecurity audit log. -# -# By default, only requests that trigger a ModSecurity events (as detected -# by) or a serer error are logged ("RelevantOnly"). This is a reasonable -# setting. Full logging can be set by using # "on". If the system is used -# for protection only and no logging is desired (not reccomended) logging can -# be turned of using "off" -# -# NOTE It is also possible to configure forensic logging on the -# per request basis using the "auditlog" and "noauditlog" rule -# actions. -# -# TODO The default rule set logs requests that generate a 404 "file not found" -# response. These events are interesting, but may log a lot of information. -# you may consider removing it by setting SecAuditLogRelevantStatus -# to "^(?:5\|4\d[^4])". -# -SecAuditEngine RelevantOnly -SecAuditLogRelevantStatus "^(?:5\|4(?!04))" - -# Log files structure -# -# You can select to log all events to a single log file (set SecAuditLogType to -# "Serial") or to log each request to a separate file (set it to "Concurrent"). -# The former is usually easier to use, but if full logging is required or if -# the protected system supports a large transaction volume the later may -# be a better option. -# -# TODO Set the SecAuditLog (for "Serial" logging) or SecAuditLogStorageDir (for -# "Concurrent" logging). -# -# TODO If you change from "Serial" to "Concurrent" uncomment the -# SecAuditLogStorageDir directive and make sure the direcory specified -# exists and has write permissions for the Apache user. - -SecAuditLogType Concurrent -SecAuditLog /var/log/apache2/audit_log -# SecAuditLogStorageDir /var/log/apache2/modsec_audit - -# Select what portions of the request to log -# -# Modify the string by adding any of the letter below to it: -# A - audit log header (mandatory) -# B - request headers -# C - request body (present only if the request body exists and ModSecurity is
[-] [+]	Deleted	zzz_asl_custom_exclude.conf ^
@@ -1,24 +0,0 @@ -# do local changes in zzz_asl_custom_local_exclude.conf this file will be overwritten -SecRuleRemoveById 350000 -SecRuleRemoveById 351000 -SecRuleRemoveById 350147 -SecRuleRemoveById 350148 -SecRuleRemoveById 340162 -SecRuleRemoveById 391213 -SecRuleRemoveById 340152 - -# experimental -SecRuleRemoveById 340202 -SecRuleRemoveById 340201 -SecRuleRemoveById 340204 -SecRuleRemoveById 340205 -SecRuleRemoveById 340206 -SecRuleRemoveById 340207 -SecRuleRemoveById 340208 -SecRuleRemoveById 340209 -SecRuleRemoveById 345400 -SecRuleRemoveById 345401 -SecRuleRemoveById 345402 -SecRuleRemoveById 345403 -SecRuleRemoveById 345404 -
[-] [+]	Deleted	zzz_asl_custom_local_exclude.conf ^
@@ -1 +0,0 @@ -# do local changes here, will not be overwritten