Women in Technology

Hear us Roar



Article:
  Introducing mod_security
Subject:   Re: My SecRule does not work on mod_security2.c
Date:   2006-11-02 07:31:07
From:   monicat
Response to: mod_security2 and SecRule

Ivan, I search at the site you suggested but did not find any solution to my problem.I'm not sure if it help if I include the entire configuration file. Please see below:


<IfModule mod_security2.c>
#
# Basic configuration options
#
# Server masking is optional
SecServerSignature "Microsoft-IIS/5.0"


# Maximum request body size we will
# accept for buffering
SecRequestBodyAccess On
SecRequestBodyLimit 131072
# Store up to 128 KB in memory
SecRequestBodyInMemoryLimit 131072


# Buffer response bodies of up to
# 512 KB in length
SecResponseBodyAccess Off
SecResponseBodyLimit 524288


# Debug log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 9


# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial


# The name of the audit log file
SecAuditLog logs/modsec_audit.log


# Default action set
SecDefaultAction "deny,log,auditlog,status:403"


# Turn on Rule Engine
SecRuleEngine On
SecRule REQUEST_URI dirty


# Refuse to accept POST requests that do
# not specify request body length
# SecRule REQUEST_METHOD ^POST$ chain
# SecRule REQUEST_HEADER:Content-Length ^$
</IfModule>


Any help is appreciated.
- Monicat