Re: My SecRule does not work on mod

Article:		Introducing mod_security
Subject:		Re: My SecRule does not work on mod_security2.c
Date:		2006-11-02 07:31:07
From:		monicat
Response to: mod_security2 and SecRule
Ivan, I search at the site you suggested but did not find any solution to my problem.I'm not sure if it help if I include the entire configuration file. Please see below: <IfModule mod_security2.c> # # Basic configuration options # # Server masking is optional SecServerSignature "Microsoft-IIS/5.0" # Maximum request body size we will # accept for buffering SecRequestBodyAccess On SecRequestBodyLimit 131072 # Store up to 128 KB in memory SecRequestBodyInMemoryLimit 131072 # Buffer response bodies of up to # 512 KB in length SecResponseBodyAccess Off SecResponseBodyLimit 524288 # Debug log SecDebugLog logs/modsec_debug.log SecDebugLogLevel 9 # The audit engine works independently and # can be turned On of Off on the per-server or # on the per-directory basis SecAuditEngine RelevantOnly SecAuditLogRelevantStatus ^5 SecAuditLogParts ABIFHZ SecAuditLogType Serial # The name of the audit log file SecAuditLog logs/modsec_audit.log # Default action set SecDefaultAction "deny,log,auditlog,status:403" # Turn on Rule Engine SecRuleEngine On SecRule REQUEST_URI dirty # Refuse to accept POST requests that do # not specify request body length # SecRule REQUEST_METHOD ^POST$ chain # SecRule REQUEST_HEADER:Content-Length ^$ </IfModule> Any help is appreciated. - Monicat