<IfModule mod_security.c>
# Turn the filtering engine On or Off. "DynamicOnly" presumably limits
# filtering to dynamically generated content; "On" would filter every request.
SecFilterEngine DynamicOnly
# Make sure that URL encoding is valid; also reject malformed Unicode
# encoding and badly formed cookies before any filter below is evaluated
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding On
SecFilterCheckCookieFormat On
# Only allow bytes from this range (32-254). Requests carrying bytes outside
# it are rejected. The commented-out alternative (0-255) would disable the
# check by allowing every byte value.
SecFilterForceByteRange 32 254
# SecFilterForceByteRange 0 255
# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis
SecAuditEngine On
# The name of the audit log file
SecAuditLog logs/audit_log
# Debug log. Level 9 is the most verbose setting and is intended for
# testing; lower it outside of tests so request details are not written
# to disk in volume.
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 9
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Action to take by default when a filter matches and supplies no action
# of its own: reject the request, log it and respond with status 500.
# The commented-out alternative would log and then let the request through.
SecFilterDefaultAction "deny,log,status:500"
#SecFilterDefaultAction "status:500,log,pass"
# NOTE(review): "allow" stops filter processing for a request whose
# argument p equals "secret", so none of the filters below apply to it.
# This is a test hook and must not be carried into a production config.
SecFilterSelective ARG_p secret allow
# Redirect user on filter match
SecFilter xxx redirect:http://www.webkreator.com
# Execute the external script on filter match. The script presumably runs
# with the web server's privileges, so it should not be writable by the
# server user.
SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl
# Matches when argument b2inc carries a non-empty value
# (the leading "!" negates the regex)
SecFilterSelective ARG_b2inc "!^$"
# Simple filter: "111" anywhere in the request; pause:5000 delays the
# response (presumably 5000 ms) before the default action is applied
SecFilter 111 pause:5000
# Only check the QUERY_STRING variable
SecFilterSelective QUERY_STRING 222
# Only check the body of the POST request
SecFilterSelective POST_PAYLOAD 333
# Only check arguments (will work for GET and POST)
SecFilterSelective ARGS 444
# Test filter
SecFilter "/cgi-bin/modsec-test.pl/keyword"
# Another test filter, will be denied with the status given here (500;
# an earlier version of this comment said 404) but not logged --
# action supplied as a parameter overrides the default action
SecFilter 999 "deny,nolog,status:500"
# Prevent OS specific keywords
SecFilter /etc/passwd
# Prevent path traversal (..) attacks. Only the literal "../" sequence is
# matched, so treat this as a coarse tripwire rather than a complete
# defense; the application must still validate paths itself.
SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags.
# NOTE(review): "[:space:]" is written without the enclosing brackets, so
# it is not a whitespace class here; the SQL filters below use the correct
# "[[:space:]]" form. With the broader "<.+>" filter active this rule is
# redundant anyway.
SecFilter "<[:space:]*script"
# Prevent XSS attacks (HTML/Javascript injection). Rejects anything that
# looks like a tag, so legitimate HTML input is rejected as well.
SecFilter "<.+>"
# Very crude filters to prevent SQL injection attacks. They match common
# keyword pairs and will also reject ordinary text containing them; they
# complement parameterized queries in the application, not replace them.
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers: deny if either is empty
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Forbid file upload (disabled)
# SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
# Only watch argument p1
SecFilterSelective "ARG_p1" 555
# Watch all arguments except p2 (the directive excludes ARG_p2)
SecFilterSelective "ARGS|!ARG_p2" 666
# Only allow our own test utility to send requests (or Mozilla/links).
# The User-Agent value is chosen by the client, so this is a convenience
# for testing, not an access control.
SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla|links)"
# Do not allow variables with this name
SecFilterSelective ARGS_NAMES 777
# Do not allow this variable value (names are ok)
SecFilterSelective ARGS_VALUES 888
# Test for a POST variable parsing bug, see test #41
SecFilterSelective ARG_p2 AAA
# Stop spamming through FormMail
# note the exclamation mark at the beginning
# of the filter - only requests that match this regex will
# be allowed (recipients ending in @webkreator.com). The dot is
# unescaped and so matches any character; "\." would be tighter.
<Location /cgi-bin/FormMail>
SecFilterSelective "ARG_recipient" "!@webkreator.com$"
</Location>
# when allowing upload, only allow images
# note that this is not foolproof, a determined attacker
# could get around this: the check only looks for the declared image
# content type inside the POST body, which the client controls.
# SecFilterInheritance Off means the server-level filters above do not
# apply inside this Location; only the filter below does.
<Location /fileupload.php>
SecFilterInheritance Off
SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
</Location>
# Chroot directory for Apache (disabled)
# SecChrootDir /chroot/apache
SecFilter "chicken"
SecFilterSelective ARG_p "/bin/ls"
# Replace the Server signature sent in responses
SecServerSignature "MyServer x.y.z"
# Request URI whitelists (disabled). If the first one is ever enabled,
# note that "A-z" is a range spanning the ASCII characters between "Z"
# and "a" as well ([ \ ] ^ _ `); "A-Z" is what is meant.
# SecFilterSelective REQUEST_URI "!^[-a-zA-z0-9\\._/]+$"
# SecFilter "!^[-a-zA-Z0-9_/.?]+$"
# test 50 - "chained": the action fires only when both filters match
SecFilterSelective ARG_q1 value1 chained
SecFilterSelective ARG_q2 value2
# test 51 - "skipnext": when the first filter matches, the next one is skipped
SecFilterSelective ARG_q3 value3 skipnext
SecFilterSelective ARG_q3 value3
# test 52 - skip the next two filters on match
SecFilterSelective ARG_q5 value5 skipnext:2
SecFilterSelective ARG_q5 value5
SecFilterSelective ARG_q5 value5
# test 52 - repeated with skip as an action
SecFilterSelective ARG_q5 value5 skip:2
SecFilterSelective ARG_q5 value5
SecFilterSelective ARG_q5 value5
# test 53 - the phpsessid cookie must be empty or purely alphanumeric
SecFilterSelective COOKIE_phpsessid "!(^$|^[a-zA-Z0-9]+$)"
# test 55 - reject a cookie with this name
SecFilterSelective COOKIES_NAMES "fakephpsessid"
# test 56 - every cookie value must be empty or purely alphanumeric
SecFilterSelective COOKIES_VALUES "!(^$|^[a-zA-Z0-9]+$)"
# test 57 - \x20 is a literal space
SecFilter "wget\x20wget"
# Scan response bodies as well; block responses containing "Fatal error:"
# so that error details are not leaked to the client. The commented-out
# line would limit output scanning to the listed MIME types.
SecFilterScanOutput On
# SecFilterOutputMimeTypes "(null) text/html text/plain"
SecFilterSelective OUTPUT "Fatal error:"
# test 70
SecFilterSelective ARGS "-bug70-"
</IfModule>