28 lines
1.2 KiB
Plaintext
28 lines
1.2 KiB
Plaintext
SecRuleEngine On
|
|
SecRequestBodyAccess On
|
|
SecResponseBodyAccess Off
|
|
#SecDebugLog /var/log/modsecurity/debug.log
|
|
SecDebugLogLevel 0
|
|
SecAuditLogParts ABIJ
|
|
SecAuditLogType Serial
|
|
#SecAuditLog /var/log/modsecurity/audit.log
|
|
|
|
# SQL Injection protection
|
|
SecRule ARGS "(?i)(union(\s+all)?\s+select|select\s+.*\s+from|insert\s+into|update\s+.*\s+set|delete\s+from|drop\s+table|or\s+1=1|--|#|/\*|\*/|\bexec\b|\bexecute\b)" \
|
|
"id:950001,phase:2,deny,status:403,msg:'SQL Injection Attack Detected',log"
|
|
|
|
# XSS / HTML Injection protection
|
|
SecRule ARGS "(?i)(<script|javascript:|on\w+=|<img|<svg|<iframe|<object|<embed|<form|<input|%3c|%3e|%22|%27|%60)" \
|
|
"id:950003,phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log"
|
|
|
|
# Remote File Inclusion protection
|
|
SecRule ARGS "(?i)(https?|ftp)://" \
|
|
"id:950005,phase:2,deny,status:403,msg:'Remote File Inclusion Attempt',log"
|
|
|
|
# Command Injection protection
|
|
SecRule ARGS "(?i)(;|&&|\|\||\$\(|\`|\bexec\b|\bcmd\b|\bsystem\b)" \
|
|
"id:950006,phase:2,deny,status:403,msg:'Command Injection Detected',log"
|
|
|
|
# Path Traversal protection
|
|
SecRule ARGS "(\./|\.\./)" \
|
|
"id:950007,phase:2,deny,status:403,msg:'Path Traversal Attempt',log" |