{%- set apache = pillar.get('apache', {}) %} {%- set modsec = apache.get('mod_security', {}) %} {%- set sec_rule_engine = modsec.get('sec_rule_engine', 'DetectionOnly' ) -%} {%- set sec_request_body_access = modsec.get('sec_request_body_access', 'On' ) -%} {%- set sec_request_body_limit = modsec.get('sec_request_body_limit', 13107200 ) -%} {%- set sec_request_body_no_files_limit = modsec.get('sec_request_body_no_files_limit', 131072 ) -%} {%- set sec_request_body_in_memory_limit = modsec.get('sec_request_body_in_memory_limit', 131072 ) -%} {%- set sec_request_body_limit_action = modsec.get('sec_request_body_limit_action', 'Reject' ) -%} {%- set sec_pcre_match_limit = modsec.get('sec_pcre_match_limit', 1000 ) -%} {%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} {%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} # # This file is managed by Salt! Do not edit by hand! # Modify the salt pillar that generates this file instead # LoadModule security2_module modules/mod_security2.so LoadModule unique_id_module modules/mod_unique_id.so # ModSecurity Core Rules Set configuration {%- if 'osfinger' in grains and grains.osfinger in ('Red Hat Enterprise Linux Server-6', 'CentOS-6') %} Include modsecurity.d/*.conf Include modsecurity.d/activated_rules/*.conf {%- else %} IncludeOptional modsecurity.d/*.conf IncludeOptional modsecurity.d/activated_rules/*.conf {%- endif %} # Default recommended configuration SecRuleEngine {{ sec_rule_engine }} SecRequestBodyAccess {{ sec_request_body_access }} SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" SecRequestBodyLimit {{ sec_request_body_limit }} SecRequestBodyNoFilesLimit {{ sec_request_body_no_files_limit }} SecRequestBodyInMemoryLimit {{ sec_request_body_in_memory_limit }} SecRequestBodyLimitAction {{ sec_request_body_limit_action }} SecRule REQBODY_ERROR "!@eq 0" \ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \ failed strict validation: \ PE %{REQBODY_PROCESSOR_ERROR}, \ BQ %{MULTIPART_BOUNDARY_QUOTED}, \ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ DB %{MULTIPART_DATA_BEFORE}, \ DA %{MULTIPART_DATA_AFTER}, \ HF %{MULTIPART_HEADER_FOLDING}, \ LF %{MULTIPART_LF_LINE}, \ SM %{MULTIPART_MISSING_SEMICOLON}, \ IQ %{MULTIPART_INVALID_QUOTING}, \ IP %{MULTIPART_INVALID_PART}, \ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" SecPcreMatchLimit {{ sec_pcre_match_limit }} SecPcreMatchLimitRecursion {{ sec_pcre_match_limit_recursion }} SecRule TX:/^MSC_/ "!@streq 0" \ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" SecResponseBodyAccess Off SecDebugLog /var/log/httpd/modsec_debug.log SecDebugLogLevel {{ sec_debug_log_level }} SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogParts ABIJDEFHZ SecAuditLogType Serial SecAuditLog /var/log/httpd/modsec_audit.log SecArgumentSeparator & SecCookieFormat 0 SecTmpDir /var/lib/mod_security SecDataDir /var/lib/mod_security