Commit 763fd46d authored by Mohamed Saouli's avatar Mohamed Saouli

fichiers configurations nettoyés

parent c6245e18
<IfModule mod_headers.c>
# Content Security Policy (CSP)
######### Content Security Policy (CSP)
Header always set Content-Security-Policy " default-src 'self' data: 'unsafe-inline' ; script-src 'self' https://trueack.ovh/assets/js/vendor/popper.min.js https://trueack.ovh/dist/js/bootstrap.min.js https://code.jquery.com/jquery-3.3.1.slim.min.js https://ajax.googleapis.com www.google-analytics.com 'unsafe-inline' ; object-src 'self' ; form-action 'self' ; frame-ancestors 'self' ; base-uri 'self' ; "
Header set Content-Security-Policy " script-src 'self'; object-src 'self'"
#Header set Content-Security-Policy " img-src 'self'; script-src 'self' strict-dynamic' https: ; style-src 'self' ; font-src 'self' ; form-action 'self' ; form-action 'self' ; frame-ancestors 'none' ; base-uri 'none' ; "
#" default-src 'self' https://code.jquery.com/jquery-3.3.1.slim.min.js sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo ; script-src 'self' https://code.jquery.com/jquery-3.3.1.slim.min.js sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo 'unsafe-eval' ; style-src 'self' https://trueack.ovh/ 'unsafe-inline' ; font-src 'self' ; form-action 'self' ; form-action 'self'; frame-ancestors 'self' ; base-uri 'self' ; "
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
Header unset Content-Security-Policy
</FilesMatch>
# Reducing MIME type security risks
######## Reducing MIME type security risks
Header set X-Content-Type-Options "nosniff"
# HTTP Strict Transport Security (HSTS)
# Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
######## Clickjacking
# Clickjacking
Header set X-Frame-Options "DENY"
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
Header unset X-Frame-Options
Header set X-Frame-Options "SAMEORIGIN"
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
Header unset X-Frame-Options
</FilesMatch>
# Reflected Cross-Site Scripting (XSS) attacks
Header set X-XSS-Protection "1; mode=block"
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
Header unset X-XSS-Protection
####### Reflected Cross-Site Scripting (XSS) attacks
Header set X-XSS-Protection "1; mode=block"
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
Header unset X-XSS-Protection
</FilesMatch>
# Server software information
####### Server software information Limitez donc au maximum les informations fournies par Apache
ServerTokens Prod
ServerSignature Off
Header unset X-Powered-By
</IfModule>
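Review bot: The enforced Content-Security-Policy on the `Header always set` line carries `'unsafe-inline'` in both `default-src` and `script-src`, which lets any injected inline script execute and so removes the XSS protection the header is meant to provide; the commented variant further down already has the right shape (per-script `sha384-…` sources, no `'unsafe-inline'`), and that is the direction to finish. Which of the two uncommented CSP lines survives is not recoverable from this rendering: the shorter `Header set Content-Security-Policy " script-src 'self'; object-src 'self'"` would block the jQuery/Google-hosted scripts the longer one allowlists and drops `frame-ancestors`, `base-uri` and `form-action` entirely, and if both remain, 2xx responses carry two CSP headers that browsers enforce as the intersection. `X-XSS-Protection "1; mode=block"` is ignored by current Chromium and Firefox and the legacy auditor it enabled was itself a source of cross-site leaks, so the usual recommendation is `Header set X-XSS-Protection "0"` and reliance on CSP. With the HTTP→HTTPS redirect configured elsewhere in this commit, uncommenting the `Strict-Transport-Security` line is the natural complement once every subdomain is confirmed to serve TLS.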
......@@ -57,7 +57,7 @@ Group apache
<VirtualHost *:80>
ServerName trueack.ovh
DocumentRoot "/var/www/html"
Redirect permanent / https://trueack.ovh/
Redirect / https://trueack.ovh/
ErrorLog /var/log/httpd/modsec_audit.log
CustomLog /var/log/httpd/modsec_audit.log combined
......@@ -70,29 +70,36 @@ ServerAdmin root@localhost
ServerName www.trueack.ovh:80
DocumentRoot "/var/www/html"
<Directory "/">
Options -Indexes
##### Empecher -FollowSymLinks à suivre les liens symboliques et Server Side Includes avec -Indexes
Options -Indexes -FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
Options -Indexes -FollowSymLinks
AllowOverride All
# Avec cette règle on accepte que les dérectives suivantes GET POST HEAD
######### Avec cette règle on accepte que les dérectives suivantes GET POST HEAD
<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html index.php login.php formulaire.php connection.php
DirectoryIndex index.html index.php
</IfModule>
<Files ".ht*">
Require all denied
</Files>
......@@ -113,6 +120,7 @@ LogLevel warn
#CustomLog "logs/access_log" common
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
......@@ -120,6 +128,7 @@ LogLevel warn
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
......@@ -154,33 +163,36 @@ ErrorDocument 500 "The server made a boo boo."
ErrorDocument 404 /erreur.html
ErrorDocument 404 "/cgi-bin/missing_handler.pl"
ErrorDocument 402 http://www.example.com/subscription_info.html
#ErrorDocument 403 /erreur.php "Sorry can't allow you access today"
#EnableMMAP off
EnableSendfile on
# Chargement des Modules security2 & evasive20
LoadModule security2_module modules/mod_security2.so
LoadModule evasive20_module modules/mod_evasive24.so
# Module security
# Include des fichiers modsecurity et les regles
<IfModule security2_module>
Include /etc/httpd/conf/modsecurity.d/crs-setup.conf
Include /etc/httpd/conf/modsecurity.d/rules/*.conf
</IfModule>
<IfModule mod_security2.c>
SecRuleRemoveById 200000
SecRuleRemoveById 200000
</IfModule>
# Module session
# Chargement des session_module pour les cookie
LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
# Derective afin d'accpter que du HTTP
# Derective Header HTTP
LoadModule headers_module /usr/lib/httpd/modules/mod_headers.so
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Lax
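Review bot: `Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Lax` matches every cookie unconditionally, so a cookie the application already flagged gets the attributes appended a second time and a deliberate `SameSite=None` ends up followed by a contradicting `SameSite=Lax`; without the `always` condition it also only operates on the normal response-header table, so cookies emitted on redirect or error responses (the typical login 302) can go out unflagged. A per-attribute guarded form such as `Header always edit Set-Cookie "(?i)^((?!.*;\s*HttpOnly).*)$" "$1; HttpOnly"` (and likewise for `Secure` and `SameSite`) avoids both problems. In the `<Directory "/var/www/html">` block, `<LimitExcept GET POST HEAD>` still uses the 2.2-style `deny from all` while the surrounding directives use `Require`; mixing the two needs mod_access_compat and is easy to misread, so `Require all denied` is the consistent choice — and note that the ModSecurity `tx.allowed_methods` set in this same commit permits OPTIONS, which this block rejects. `ErrorDocument 402 http://www.example.com/subscription_info.html` looks like a leftover sample and should not ship.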
......
LoadModule security2_module modules/mod_security2.so
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
......@@ -8,4 +7,5 @@ LoadModule security2_module modules/mod_security2.so
SecDebugLogLevel 1
SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream
SecDataDir /tmp
</IfModule>
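Review bot: `SecDataDir /tmp` places ModSecurity's persistent collections in a world-writable shared directory; with the DoS-protection and IP-reputation options this commit enables in crs-setup.conf, those collections presumably hold the per-client counters and block flags that decide whether a request is refused, so a local user may be able to read or clobber them, and /tmp is routinely cleaned or lost across reboots. A dedicated directory owned by the Apache user with mode 0700, e.g. `SecDataDir /var/lib/mod_security`, is the usual choice, with `SecTmpDir` pointed at a similarly restricted path if it is not already. The `LoadModule security2_module` line here duplicates the one in httpd.conf; Apache tolerates that with a warning, but one of the two should go.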
......@@ -320,13 +320,13 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# Example: for WebDAV, add the following methods: CHECKOUT COPY DELETE LOCK
# MERGE MKACTIVITY MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK
# Uncomment this rule to change the default.
#SecAction \
# "id:900200,\
# phase:1,\
# nolog,\
# pass,\
# t:none,\
# setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
SecAction \
"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
# Content-Types that a client is allowed to send in a request.
# Default: application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain
......@@ -339,32 +339,34 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain'"
######## TEST Décommente
# Allowed HTTP versions.
# Default: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
# Example for legacy clients: HTTP/0.9 HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
# Note that some web server versions use 'HTTP/2', some 'HTTP/2.0', so
# we include both version strings by default.
# Uncomment this rule to change the default.
#SecAction \
# "id:900230,\
# phase:1,\
# nolog,\
# pass,\
# t:none,\
# setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'"
SecAction \
"id:900230,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_http_versions=HTTP/1.1 HTTP/2 HTTP/2.0'"
# Forbidden file extensions.
# Guards against unintended exposure of development/configuration files.
# Default: .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
# Example: .bak/ .config/ .conf/ .db/ .ini/ .log/ .old/ .pass/ .pdb/ .sql/
# Uncomment this rule to change the default.
#SecAction \
# "id:900240,\
# phase:1,\
# nolog,\
# pass,\
# t:none,\
# setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
SecAction \
"id:900240,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
# Forbidden request headers.
# Header names should be lowercase, enclosed by /slashes/ as delimiters.
......@@ -528,16 +530,16 @@ SecDefaultAction "phase:2,log,auditlog,pass"
#
# Uncomment these rules to use this feature:
#
#SecHttpBlKey XXXXXXXXXXXXXXXXX
#SecAction "id:900500,\
# phase:1,\
# nolog,\
# pass,\
# t:none,\
# setvar:tx.block_search_ip=1,\
# setvar:tx.block_suspicious_ip=1,\
# setvar:tx.block_harvester_ip=1,\
# setvar:tx.block_spammer_ip=1"
SecHttpBlKey XXXXXXXXXXXXXXXXX
SecAction "id:900500,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.block_search_ip=1,\
setvar:tx.block_suspicious_ip=1,\
setvar:tx.block_harvester_ip=1,\
setvar:tx.block_spammer_ip=1"
#
......@@ -609,15 +611,15 @@ SecDefaultAction "phase:2,log,auditlog,pass"
#
# Uncomment this rule to use this feature:
#
#SecAction \
# "id:900700,\
# phase:1,\
# nolog,\
# pass,\
# t:none,\
# setvar:'tx.dos_burst_time_slice=60',\
# setvar:'tx.dos_counter_threshold=100',\
# setvar:'tx.dos_block_timeout=600'"
SecAction \
"id:900700,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.dos_burst_time_slice=60',\
setvar:'tx.dos_counter_threshold=100',\
setvar:'tx.dos_block_timeout=600'"
#
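Review bot: `SecHttpBlKey XXXXXXXXXXXXXXXXX` is the template placeholder, now active together with rule 900500, so — if the stock REQUEST-910 IP-reputation rules are loaded — the `@rbl` lookups against dnsbl.httpbl.org run with an invalid key, adding a DNS round-trip per unblocked request while never returning reputation data. A real key is a credential and should not be committed; keep it in an untracked include (or leave this block commented) and enable it only once the key is in place. Rule 900200's `tx.allowed_methods=GET HEAD POST OPTIONS` permits OPTIONS whereas the Apache `<LimitExcept GET POST HEAD>` in httpd.conf rejects it; harmless, but one of the two is not what was intended and deserves a comment. Dropping HTTP/1.0 from 900230 will block monitoring and health-check clients that still speak 1.0, so confirm none are in use before deploying.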
......
# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.0.0
# Copyright (c) 2006-2016 Trustwave and contributors. All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under
# Apache Software License (ASL) version 2
# Please see the enclosed LICENSE file for full details.
# ------------------------------------------------------------------------
#
# The purpose of this file is to hold LOCAL exceptions for your site. The
# types of rules that would go into this file are one where you want to
# short-circuit inspection and allow certain transactions to pass through
# inspection or if you want to alter rules that are applied.
#
# This file is named REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example for a
# very specific reason. Files affixed with the .example extension are designed
# to contain user created/modified data. The '.example'. extension should be
# renamed to end in .conf. The advantage of this is that when OWASP CRS is
# updated, the updates will not overwrite a user generated configuration file.
#
# As a result of this design paradigm users are encouraged NOT to directly
# modify rules. Instead they should use this
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS and the
# RESPONSE-999-EXCLUSION-RULES-AFTER-CRS file to modify OWASP rules using
# methods similar to the examples specified below.
#
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS and
# RESPONSE-999-EXCLUSION-RULES-AFTER-CRS serve different purposes. ModSecurity
# effectively maintains two different context: startup, and per transaction.
# As a rule, directives are processed within the startup context. While they
# can affect the per transaction context they generally remain fixed during the
# execution of ModSecurity.
#
# As a result if one wanted to disable a rule at bootup the SecRuleRemoveById
# directive or one of its siblings would have to be placed AFTER the rule is
# listed, otherwise it will not have knowledge of the rules existence (since
# these rules are read in at the same time). This means that when using
# directives that effect SecRules, these exceptions should be placed AFTER all
# the existing rules. This is why RESPONSE-999-EXCLUSION-RULES-AFTER-CRS is
# designed such that it loads LAST.
#
# Conversely, ModSecurity supports several actions that can change the state of
# the underlying configuration during the per transaction context, this is when
# rules are being processed. Generally, these are accomplished by using the
# 'ctl' action. As these are part of a rule, they will be evaluated in the
# order rules are applied (by physical location, considering phases). As a
# result of this ordering a 'ctl' action should be placed with consideration to
# when it will be executed. This is particularly relevant for the 'ctl' options
# that involve modifying ID's (such as ruleRemoveById). In these cases it is
# important that such rules are placed BEFORE the rule ID they will affect.
# Unlike the setup context, by the time we process rules in the per-transaction
# context, we are already aware of all the rule ID's. It is by this logic that
# we include rules such as this BEFORE all the remaining rules. As a result
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS is designed to load FIRST.
#
# As a general rule:
# ctl:ruleEngine -> place in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS
# ctl:ruleRemoveById -> place in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS
# ctl:ruleRemoveByMsg -> place in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS
# ctl:ruleRemoveByTag -> place in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS
# ctl:ruleRemoveTargetById -> place in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS
# ctl:ruleRemoveTargetByMsg -> place in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS
# ctl:ruleRemoveTargetByTag -> place in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS
#
# SecRuleRemoveById -> place in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS
# SecRuleRemoveByMsg -> place in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS
# SecRuleRemoveByTag -> place in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS
# SecRuleUpdateActionById -> place in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS
# SecRuleUpdateTargetById -> place in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS
# SecRuleUpdateTargetByMsg -> place in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS
# SecRuleUpdateTargetByTag -> place in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS
#
#
# What follows are a group of examples that show you how to perform rule
# exclusions.
#
#
# Example Exclusion Rule: Disable inspection for an authorized client
#
# This ruleset allows you to control how ModSecurity will handle traffic
# originating from Authorized Vulnerability Scanning (AVS) sources. See
# related blog post -
# http://blog.spiderlabs.com/2010/12/advanced-topic-of-the-week-handling-authorized-scanning-traffic.html
#
# White-list ASV network block (no blocking or logging of AVS traffic) Update
# IP network block as appropriate for your AVS traffic
#
# ModSec Rule Exclusion: Disable Rule Engine for known ASV IP
# SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
# "phase:1,id:1000,pass,nolog,ctl:ruleEngine=Off"
#
#
# Example Exclusion Rule: Removing a specific ARGS parameter from inspection
# for an individual rule
#
# This rule shows how to conditionally exclude the "password"
# parameter for rule 942100 when the REQUEST_URI is /index.php
# ModSecurity Rule Exclusion: 942100 SQL Injection Detected via libinjection
#
# SecRule REQUEST_URI "@beginsWith /index.php" \
# "id:1001,phase:1,pass,nolog, \
# ctl:ruleRemoveTargetById=942100;ARGS:password"
#
#
# Example Exclusion Rule: Removing a specific ARGS parameter from inspection
# for only certain attacks
#
# Attack rules within the CRS are tagged, with tags such as 'attack-lfi',
# 'attack-sqli', 'attack-xss', 'attack-injection-php', et cetera.
#
# ModSecurity Rule Exclusion: Disable inspection of ARGS:pwd
# for all rules tagged attack-sqli
# SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
# "id:1002,phase:request,pass,nolog,\
# ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:pwd"
#
# Example Exclusion Rule: Removing a specific ARGS parameter from inspection
# for all CRS rules
#
# This rule illustrates that we can use tagging very effectively to whitelist a
# common false positive across an entire ModSecurity instance. This can be done
# because every rule in OWASP_CRS is tagged with OWASP_CRS. This will NOT
# affect custom rules.
#
# ModSecurity Rule Exclusion: Disable inspection of ARGS:pwd
# for all CRS rules
# SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
# "id:1003,phase:request,pass,nolog,\
# ctl:ruleRemoveTargetByTag=CRS;ARGS:pwd"
#
# Example Exclusion Rule: Removing a range of rules
#
# This rule illustrates that we can remove a rule range via a ctl action.
# This uses the fact, that rules are grouped by topic in rule files covering
# a certain id range.
#
# ModSecurity Rule Exclusion: Disable all SQLi and XSS rules
# SecRule REQUEST_FILENAME "@beginsWith /admin" \
# "id:1004,phase:request,pass,nolog,\
# ctl:ruleRemoveById=941000-942999"
#
#
# The application specific rule exclusion files
# REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
# REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
# bring additional examples which can be useful then tuning a service.
......@@ -35,7 +35,7 @@ SecRule IP:REPUT_BLOCK_FLAG "@eq 1" \
chain"
SecRule TX:DO_REPUT_BLOCK "@eq 1" \
"setvar:tx.inbound_tx_msg=%{tx.msg},\
setvar:tx.inbound_anomaly_score=%{tx.anomaly_score}"
setvar:tx.inbound_anomaly_score=%{tx.anomaly_score}"
#
......
......@@ -28,7 +28,7 @@ SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
id:959100,\
tag:'anomaly-evaluation',\
t:none,\
deny,\
allow,\
msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})'"
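Review bot: Changing rule 959100's disruptive action from `deny` to `allow` (sides inferred from print order) edits a vendored CRS file, which the next CRS update silently overwrites, and `allow` also skips the remaining rules of the transaction even though the rule still logs as "Outbound Anomaly Score Exceeded". If outbound anomaly blocking is meant to be off, express it in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf, which this commit adds and whose header comments document exactly this mechanism: `SecRuleUpdateActionById 959100 "t:none,pass,chain"` keeps the stock rule intact and makes the intent visible. Otherwise leaving the original `deny` keeps outbound policy consistent with the inbound rule 949110, with `tx.outbound_anomaly_score_threshold` raised in crs-setup.conf if false positives are the concern.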
......
# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.0.0
# Copyright (c) 2006-2016 Trustwave and contributors. All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under
# Apache Software License (ASL) version 2
# Please see the enclosed LICENSE file for full details.
# ------------------------------------------------------------------------
#
# The purpose of this file is to hold LOCAL exceptions for your site.
# The types of rules that would go into this file are one where you want
# to unconditionally disable rules or modify their actions during startup.
#
# Please see the file REQUEST-900-EXCLUSIONS-RULES-BEFORE-CRS.conf.example
# for a description of the rule exclusions mechanism and the correct
# use of this file.
#
#
# Example Exclusion Rule: To unconditionally disable a rule ID
#
# ModSecurity Rule Exclusion: 942100 SQL Injection Detected via libinjection
# SecRuleRemoveById 942100
# Example Exclusion Rule: Remove a group of rules
#
# ModSecurity Rule Exclusion: Disable PHP injection rules
# SecRuleRemoveByTag "attack-injection-php"
#
# Example Exclusion Rule: To unconditionally remove parameter "foo" from
# inspection for SQLi rules
#
# ModSecurity Rule Exclusion: disable sqli rules for parameter foo.
# SecRuleUpdateTargetByTag "attack-sqli" "!ARGS:foo"
# -- [[ Changing the Disruptive Action for Anomaly Mode ]] --
#
# In Anomaly Mode (default in CRS3), the rules in REQUEST-949-BLOCKING-EVALUATION.conf
# and RESPONSE-959-BLOCKING-EVALUATION.conf check the accumulated attack scores
# against your policy. To apply a disruptive action, they overwrite the default
# actions specified in SecDefaultAction (setup.conf) with a 'deny' action.
# This 'deny' is by default paired with a 'status:403' action.
#
# In order to change the disruptive action from 'deny' to something else,
# you must use SecRuleUpdateActionByID directives AFTER the CRS rules
# are configured, for instance in the RESPONSE-999-EXCEPTIONS.conf file.
#
# These actions only apply when using Anomaly Mode.
#
# Default action: block with error 403
# (No configuration needed in this file if you want the default behavior.)
#
# Example: redirect back to the homepage on blocking
#
# SecRuleUpdateActionById 949110 "t:none,redirect:'http://%{request_headers.host}/',chain"
# SecRuleUpdateActionById 959100 "t:none,redirect:'http://%{request_headers.host}/',chain"
# Example: redirect to another URL on blocking
#
# SecRuleUpdateActionById 949110 "t:none,redirect:'http://example.com/report_problem',chain"
# SecRuleUpdateActionById 959100 "t:none,redirect:'http://example.com/report_problem',chain"
# Example: send an error 404
#
# SecRuleUpdateActionById 949110 "t:none,deny,status:404,chain"
# SecRuleUpdateActionById 959100 "t:none,deny,status:404,chain"
# Example: drop the connection (best for DoS attacks)
#
# SecRuleUpdateActionById 949110 "t:none,drop,chain"
# SecRuleUpdateActionById 959100 "t:none,drop,chain"