Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:server_preparation_tmp [2020/06/18 10:36]
urbanl [mod_security configuration] changed basic configuration file
+++ tutorial:adm:server_preparation_tmp [2020/06/18 13:16]
urbanl [Disabling mod_security rules] Changed modsec crs to 3.0
@@ Line 584: / Line 584: @@
 ==== Disabling mod_security rules ====
+These rules are disabled for modsec_crs 3.0
 In the file ''/etc/httpd/conf.d/ssl.conf'' deactivate following rules and set their logging:
 <code xml>
 <IfModule mod_security2.c>
-        SecRuleRemoveById 981173
+        SecRuleRemoveById 942430
-        SecRuleRemoveById 960015
+        SecRuleRemoveById 942431
-        SecRuleRemoveById 950109
+        SecRuleRemoveById 920300
+        SecRuleRemoveById 920230
         # Allow Czech signs
-        SecRuleRemoveById 981318
+        SecRuleRemoveById 942110
-        SecRuleRemoveById 981242
+        SecRuleRemoveById 942330
-        SecRuleRemoveById 960024
+        SecRuleRemoveById 942460
-        SecRuleRemoveById 981245
+        SecRuleRemoveById 942260
         # Too restrictive for login format
-        SecRuleRemoveById 960035
+        SecRuleRemoveById 920440
         # Needed by Websockets
         <Location "/idm/api/v1/websocket-info/">
-                SecRuleRemoveById 970901
+                SecRuleRemoveById 950100
         </Location>
-        # These break Certificate Authority module
-	<Location "/idm/api/v1/crt/certificates/action/validate">
-		SecRuleRemoveById 960915
-		SecRuleRemoveById 200003
-	</Location>
-	# Modsec can throw false positives on some files due to multipart boundary check
-	<Location "/idm/api/v1/attachments/upload">
-		SecRuleRemoveById 960915
-		SecRuleRemoveById 200003
-	</Location>
         # do not log request/response body