Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:server_preparation_tmp [2020/06/18 13:17]
urbanl [Disabling mod_security rules]
+++ tutorial:adm:server_preparation_tmp [2020/06/24 12:00]
kolarikj [mod_security configuration - CentOS8]
@@ Line 584: / Line 584: @@
 ==== Disabling mod_security rules ====
-These rules are disabled for modsec_crs 3.0
+These rules are disabled for modsec_crs 3.0.
 In the file ''/etc/httpd/conf.d/ssl.conf'' deactivate following rules and set their logging:
 <code xml>
 <IfModule mod_security2.c>
@@ Line 614: / Line 616: @@
 ==== mod_security configuration - CentOS8  ====
-In the file /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf, find the rule 900200 and 900220 then add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, then allow PUT DELETE and PATCH methods on the line with tx.allowed\_methods.
+In the file /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf
-Whole rules after the changes looks like this:
+  * find the rule 900200 and add methods PUT DELETE and PATCH on the line with tx.allowed\_methods. It look like this after change:
 <code>
@@ Line 625: / Line 628: @@
     nolog,\
     setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE'"
+</code>
+  * find the rule 900220 and add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, after change:
+<code>
 # Default HTTP policy: allowed_request_content_type (rule 900220)
 SecRule &TX:allowed_request_content_type "@eq 0" \