Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:server_preparation_tmp [2020/06/18 10:36] urbanl [mod_security configuration] changed basic configuration file |
tutorial:adm:server_preparation_tmp [2020/06/24 12:00] kolarikj [mod_security configuration - CentOS8] |
||
---|---|---|---|
Line 583: | Line 583: | ||
==== Disabling mod_security rules ==== | ==== Disabling mod_security rules ==== | ||
+ | |||
+ | These rules are disabled for modsec_crs 3.0. | ||
In the file ''/ | In the file ''/ | ||
+ | |||
<code xml> | <code xml> | ||
< | < | ||
- | SecRuleRemoveById | + | SecRuleRemoveById |
- | SecRuleRemoveById | + | SecRuleRemoveById |
- | SecRuleRemoveById | + | SecRuleRemoveById |
+ | | ||
+ | | ||
# Allow Czech signs | # Allow Czech signs | ||
- | SecRuleRemoveById | + | SecRuleRemoveById |
- | SecRuleRemoveById | + | SecRuleRemoveById |
- | SecRuleRemoveById | + | SecRuleRemoveById |
- | SecRuleRemoveById | + | SecRuleRemoveById |
| | ||
# Too restrictive for login format | # Too restrictive for login format | ||
- | SecRuleRemoveById | + | SecRuleRemoveById |
+ | |||
# Needed by Websockets | # Needed by Websockets | ||
< | < | ||
- | SecRuleRemoveById | + | SecRuleRemoveById |
</ | </ | ||
| | ||
- | # These break Certificate Authority module | ||
- | < | ||
- | SecRuleRemoveById 960915 | ||
- | SecRuleRemoveById 200003 | ||
- | </ | ||
- | |||
- | # Modsec can throw false positives on some files due to multipart boundary check | ||
- | < | ||
- | SecRuleRemoveById 960915 | ||
- | SecRuleRemoveById 200003 | ||
- | </ | ||
- | |||
# do not log request/ | # do not log request/ | ||
SecAuditLogParts ABFHZ | SecAuditLogParts ABFHZ | ||
Line 624: | Line 616: | ||
==== mod_security configuration - CentOS8 | ==== mod_security configuration - CentOS8 | ||
- | In the file / | + | In the file / |
- | Whole rules after the changes looks like this: | + | |
+ | * find the rule 900200 and add methods | ||
< | < | ||
Line 635: | Line 628: | ||
nolog,\ | nolog,\ | ||
setvar:' | setvar:' | ||
+ | </ | ||
+ | * find the rule 900220 and add support for content\_type=application/ | ||
+ | |||
+ | < | ||
# Default HTTP policy: allowed_request_content_type (rule 900220) | # Default HTTP policy: allowed_request_content_type (rule 900220) | ||
SecRule & | SecRule & |