Apache Web 伺服器 - ModSecurity - 啟用 OWASP ModSecurity Core Rule Set(CRS)

注意另外需要修改 /usr/share/modsecurity-crs 目錄來啟用需要啟用的規則 Signed-off-by: 林博仁 <Buo.Ren.Lin@gmail.com>
ntouind · Dec 6, 2016 · 55ccf3a · 55ccf3a
1 parent 75304a2
commit 55ccf3a
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/.etckeeper b/.etckeeper
@@ -1082,6 +1082,7 @@ maybe chmod 0644 'modprobe.d/fbdev-blacklist.conf'
 maybe chmod 0644 'modprobe.d/iwlwifi.conf'
 maybe chmod 0644 'modprobe.d/mlx4.conf'
 maybe chmod 0755 'modsecurity'
+maybe chmod 0644 'modsecurity/Enable "OWASP ModSecurity Core Rule Set (CRS)".conf'
 maybe chmod 0644 'modsecurity/modsecurity.conf'
 maybe chmod 0644 'modsecurity/modsecurity.conf-recommended'
 maybe chmod 0644 'modsecurity/unicode.mapping'

diff --git a/modsecurity/Enable "OWASP ModSecurity Core Rule Set (CRS)".conf b/modsecurity/Enable "OWASP ModSecurity Core Rule Set (CRS)".conf
@@ -0,0 +1,2 @@
+# Refer /usr/share/modsecurity-crs/activated_rules/README for more information
+Include /usr/share/modsecurity-crs/activated_rules/*.conf
diff --git a/modsecurity/modsecurity.conf b/modsecurity/modsecurity.conf
@@ -4,7 +4,7 @@
 # only to start with, because that minimises the chances of post-installation
 # disruption.
 #
-SecRuleEngine DetectionOnly
+SecRuleEngine On
 
 
 # -- Request body handling ---------------------------------------------------
@@ -170,7 +170,7 @@ SecDataDir /tmp/
 # The default debug log configuration is to duplicate the error, warning
 # and notice messages from the error log.
 #
-#SecDebugLog /opt/modsecurity/var/log/debug.log
+#SecDebugLog /var/log/apache2/modsec_debug.log
 #SecDebugLogLevel 3