Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
tutorial:adm:server_preparation_tmp [2020/06/18 13:18]
urbanl [Disabling mod_security rules] 		tutorial:adm:server_preparation_tmp [2020/06/24 12:00]
kolarikj [mod_security configuration - CentOS8]
Line 616: Line 616:
 ==== mod_security configuration - CentOS8  ==== ==== mod_security configuration - CentOS8  ====
  
-In the file /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conffind the rule 900200 and 900220 then add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, then allow PUT DELETE and PATCH methods on the line with tx.allowed\_methods. +In the file /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf 
-Whole rules after the changes looks like this:+ 
 +  * find the rule 900200 and add methods PUT DELETE and PATCH on the line with tx.allowed\_methods. It look like this after change:
  
 <code> <code>
Line 627: Line 628:
     nolog,\     nolog,\
     setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE'"     setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE'"
 +</code>
  
 +  * find the rule 900220 and add support for content\_type=application/json, application/hal+json and text/plain on the line starting with tx.allowed\_request\_content\_type, after change:
 +
 +<code>
 # Default HTTP policy: allowed_request_content_type (rule 900220) # Default HTTP policy: allowed_request_content_type (rule 900220)
 SecRule &TX:allowed_request_content_type "@eq 0" \ SecRule &TX:allowed_request_content_type "@eq 0" \