Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
tutorial:adm:server_preparation_tmp [2020/03/12 12:29]
urbanl [HTTPd installation and configuration] 		tutorial:adm:server_preparation_tmp [2020/03/12 12:35]
urbanl [mod_security configuration - CentOS7]
Line 694: Line 694:
 </code> </code>
  
-==== mod_security configuration - CentOS7  ====+==== mod_security configuration - CentOS8  ====
  
-In the file /etc/httpd/modsecurity.d/modsecurity\_crs\_10\_config.conf, find the rule with id=900012 and add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, then allow PUT DELETE and PATCH methods on the line with tx.allowed\_methods. +In the file /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf, find the rule 900200 and 900220 then add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, then allow PUT DELETE and PATCH methods on the line with tx.allowed\_methods. 
-Whole rule after the changes looks like this:+Whole rules after the changes looks like this:
  
 <code> <code>
-SecAction +# Default HTTP policy: allowed_methods (rule 900200) 
-  "id:'900012', \ +SecRule &TX:allowed_methods "@eq 0" 
-  phase:1, \ +    "id:901160,\ 
-  t:none, \ +    phase:1,\ 
-  setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE',+    pass,
-  setvar:'tx.allowed_request_content_type=application/hal+json|application/json|text/plain|application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', \ +    nolog,\ 
-  setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ +    setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE'
-  setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/',+ 
-  setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \ +# Default HTTP policy: allowed_request_content_type (rule 900220) 
-  nolog, \ +SecRule &TX:allowed_request_content_type "@eq 0" \ 
-  pass"+    "id:901162,\ 
 +    phase:1,
 +    pass,\ 
 +    nolog,\ 
 +    setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain|application/hal+json'"
 </code> </code>