modsecurity

conf/httpd.conf

@@ -4,8 +4,9 @@ User apache
 Group apache
 
 Include conf.modules.d/*.conf
-IncludeOptional modsecurity.d/*.conf
-IncludeOptional modsecurity.d/activated_rules/*.conf
+Include conf/modsecurity.conf
+# IncludeOptional modsecurity.d/*.conf
+# IncludeOptional modsecurity.d/activated_rules/*.conf
 
 <Directory />
     AllowOverride none

conf/modsecurity.conf

@@ -0,0 +1,23 @@
+SecRuleEngine On
+SecRequestBodyAccess On
+SecResponseBodyAccess Off
+SecDebugLog /var/log/modsecurity/debug.log
+SecDebugLogLevel 0
+SecAuditLogParts ABIJ
+SecAuditLogType Serial
+SecAuditLog /var/log/modsecurity/audit.log
+
+# SQL Injection protection
+SecRule ARGS "(?i)(union(\s+all)?\s+select|select\s+.*\s+from|insert\s+into|update\s+.*\s+set|delete\s+from|drop\s+table|or\s+1=1|--|#|/\*|\*/|\bexec\b|\bexecute\b)" "id:'950001',phase:2,deny,status:403,msg:'SQL Injection Attack Detected',log"
+
+# XSS / HTML Injection protection
+SecRule ARGS "(?i)<script|javascript:|on\\w+=|<img|<svg|<iframe|<object|<embed|<form|<input|%3c|%3e|%22|%27|%60" "id:'950003',phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log"
+
+# Remote File Inclusion protection
+SecRule ARGS "(?i)(https?|ftp)://" "id:'950005',phase:2,deny,status:403,msg:'Remote File Inclusion Attempt',log"
+
+# Command Injection protection
+SecRule ARGS "(?i)(;|&&|\|\||\$\(|\`|\bexec\b|\bcmd\b|\bsystem\b)" "id:'950006',phase:2,deny,status:403,msg:'Command Injection Detected',log"
+
+# Path Traversal protection
+SecRule ARGS "(\../|\..\\)" "id:'950007',phase:2,deny,status:403,msg:'Path Traversal Attempt',log"