From ce37a2c1183066bb1aea8ec92ec8a0ab82896e33 Mon Sep 17 00:00:00 2001
From: Packit
Date: Sep 15 2020 17:32:37 +0000
Subject: Add sources defined in the spec file
---
diff --git a/SPECS/10-mod_security.conf b/SPECS/10-mod_security.conf
new file mode 100644
index 0000000..dfe0955
--- /dev/null
+++ b/SPECS/10-mod_security.conf
@@ -0,0 +1,5 @@
+LoadModule security2_module modules/mod_security2.so
+
+
+ LoadModule unique_id_module modules/mod_unique_id.so
+
diff --git a/SPECS/mod_security.conf b/SPECS/mod_security.conf
new file mode 100644
index 0000000..e9fe3dd
--- /dev/null
+++ b/SPECS/mod_security.conf
@@ -0,0 +1,56 @@
+
+ # Default recommended configuration
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRequestBodyLimit 13107200
+ SecRequestBodyNoFilesLimit 131072
+ SecRequestBodyInMemoryLimit 131072
+ SecRequestBodyLimitAction Reject
+ SecRule REQBODY_ERROR "!@eq 0" \
+ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+ "id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \
+ failed strict validation: \
+ PE %{REQBODY_PROCESSOR_ERROR}, \
+ BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+ DB %{MULTIPART_DATA_BEFORE}, \
+ DA %{MULTIPART_DATA_AFTER}, \
+ HF %{MULTIPART_HEADER_FOLDING}, \
+ LF %{MULTIPART_LF_LINE}, \
+ SM %{MULTIPART_MISSING_SEMICOLON}, \
+ IQ %{MULTIPART_INVALID_QUOTING}, \
+ IP %{MULTIPART_INVALID_PART}, \
+ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+ SecPcreMatchLimit 1000
+ SecPcreMatchLimitRecursion 1000
+
+ SecRule TX:/^MSC_/ "!@streq 0" \
+ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+ SecResponseBodyAccess Off
+ SecDebugLog /var/log/httpd/modsec_debug.log
+ SecDebugLogLevel 0
+ SecAuditEngine RelevantOnly
+ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+ SecAuditLogParts ABIJDEFHZ
+ SecAuditLogType Serial
+ SecAuditLog /var/log/httpd/modsec_audit.log
+ SecArgumentSeparator &
+ SecCookieFormat 0
+ SecTmpDir /var/lib/mod_security
+ SecDataDir /var/lib/mod_security
+
+ # ModSecurity Core Rules Set and Local configuration
+ Include modsecurity.d/*.conf
+ Include modsecurity.d/activated_rules/*.conf
+ Include modsecurity.d/local_rules/*.conf
+
+
diff --git a/SPECS/modsecurity-2.9.2.tar.gz b/SPECS/modsecurity-2.9.2.tar.gz
new file mode 100644
index 0000000..0d7b887
Binary files /dev/null and b/SPECS/modsecurity-2.9.2.tar.gz differ
diff --git a/SPECS/modsecurity_localrules.conf b/SPECS/modsecurity_localrules.conf
new file mode 100644
index 0000000..983d7df
--- /dev/null
+++ b/SPECS/modsecurity_localrules.conf
@@ -0,0 +1,9 @@
+# User defined rules and settings .
+#
+# You can use this file/directory to drop your local rules or
+# to remove some rules provided by mod_security_crs package with SecRuleRemoveById
+#
+# You can also disable mod_security for some incompatible web applications (eg. phpMyAdmin).
+#
+#
+
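Review bot: Rule 200003 in SPECS/mod_security.conf denies with `status:44`, which is not a valid HTTP status code; the sibling rules 200001 and 200002 both use `status:400`, so this looks like a typo and the action should read `status:400`. How the server turns an out-of-range status into a response is not visible here, so a blocked multipart request may come back with a different code than intended and be harder to match against `SecAuditLogRelevantStatus`. Separately, `SecPcreMatchLimit 1000` and `SecPcreMatchLimitRecursion 1000` are low enough that ordinary requests can exceed them, and rule 200004 then denies on the resulting `MSC_` flag without an explicit `status` or `log` action. I would add a comment above those two directives, such as `# Low PCRE limits: requests that exceed them are denied by rule 200004; tune after testing.`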
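Review bot: In SPECS/modsecurity_localrules.conf the comment about disabling mod_security for incompatible web applications gives no guidance on scope, so the easiest reading is to turn the engine off for the whole application. I would extend the comment with a line such as `# Prefer removing the specific rule with SecRuleRemoveById, scoped to the affected path, over disabling the engine for an entire application.` Administrative tools like the phpMyAdmin example are the applications that benefit most from request filtering, so the template should steer users toward the narrowest exclusion that works.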