Modsecurity crs 10 config.conf

From OWASP
Revision as of 11:04, 6 August 2009 by Rcbarnett (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
  1. The directives within this file can be included within
  2. Virtual Host containers.
  3. Configuration contained in this file should be customized
  4. for your specific requirements before deployment.
  5. Next to each rule there is a description of what it does. Each
  6. location where customization is needed is marked with "TODO". It
  7. is recommended that you:
  8. 1) Keep a copy of the original file. This will allow you to use
  9. the "diff" command to quickly see the changes. It will also
  10. make upgrades to future rule sets easier.
  11. 2) Document your changes thoroughly.
  12. You are advised to start with ModSecurity in detection mode only.
  13. Switch to protection when you are comfortable with your rule set.
  14. For maximum protection monitor your logs on daily basis (or
  15. better).