Modsecurity crs 10 config.conf

From OWASP
Jump to: navigation, search

The data within this conf file may be specified within Apache virtual host containers. The following ModSecurity directives are set within this file -

SecRuleEngine
SecRequestBodyAccess
SecResponseBodyAccess
SecResponseBodyMimeType
SecResponseBodyLimit
SecResponseBodyLimitAction
SecDefaultAction
SecUploadDir
SecUploadKeepFiles
SecAuditEngine
SecAuditLogRelevantStatus
SecAuditLogType
SecAuditLog
SecAuditLogParts
SecCookieFormat
SecRequestBodyInMemoryLimit
SecDebugLog
SecDebugLogLevel
SecTmpDir

See the | ModSecurity Reference Manual for directive documentation.


PROJECT INFORMATION
Project Name OWASP ModSecurity Core Rule Set Project
Short Project Description

The purpose of this project is the documentation and development of the ModSecurity Core Rule Set. Unlike intrusion detection and prevention systems, which rely on signature specific to known vulnerabilities, the Core Rules are based on generic rules in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.

Key Project Information

Project Leader
Ryan Barnett

Project Contibutors
Brian Rectanus
(add account link, please)

Mailing List
Subscribe here
Use here

License
GNU General Public License

Project Type
Document

Sponsor
BreachSecurityLabs.jpg
Release Status Main Links Related Projects

Apha Quality
Please see here for complete information.

add here.

ModSecurity-Open Source Web Application Firewall
OWASP Securing WebGoat using ModSecurity