Differences

This shows you the differences between two versions of the page.

--- modsecurity:configure_mod_security [2016/10/14 13:31] – created peter
+++ modsecurity:configure_mod_security [2019/11/30 14:16] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== ModSecurity - Configure mod_security ======
-Out of the box, modsecurity doesn't do anything as it needs rules to work. The default configuration file is set to DetectionOnly which logs requests according to rule matches and doesn't block anything. This can be changed by editing the modsecurity.conf file:
-nano /etc/modsecurity/modsecurity.conf
-Find this line
-SecRuleEngine DetectionOnly
-and change it to:
-SecRuleEngine On
-If you're trying this out on a production server, change this directive only after testing all your rules.
-Another directive to modify is SecResponseBodyAccess. This configures whether response bodies are buffered (i.e. read by modsecurity). This is only neccessary if data leakage detection and protection is required. Therefore, leaving it On will use up droplet resources and also increase the logfile size.
-Find this
-SecResponseBodyAccess On
-and change it to:
-SecResponseBodyAccess Off
-Now we'll limit the maximum data that can be posted to your web application. Two directives configure these:
-SecRequestBodyLimit
-SecRequestBodyNoFilesLimit
-The SecRequestBodyLimit directive specifies the maximum POST data size. If anything larger is sent by a client the server will respond with a 413 Request Entity Too Large error. If your web application doesn't have any file uploads this value can be greatly reduced.
-The value mentioned in the configuration file is
-SecRequestBodyLimit 13107200
-which is 12.5MB.
-Similar to this is the SecRequestBodyNoFilesLimit directive. The only difference is that this directive limits the size of POST data minus file uploads-- this value should be "as low as practical."
-The value in the configuration file is
-SecRequestBodyNoFilesLimit 131072
-which is 128KB.
-Along the lines of these directives is another one which affects server performance: SecRequestBodyInMemoryLimit. This directive is pretty much self-explanatory; it specifies how much of "request body" data (POSTed data) should be kept in the memory (RAM), anything more will be placed in the hard disk (just like swapping). Since droplets use SSDs, this is not much of an issue; however, this can be set a decent value if you have RAM to spare.
-SecRequestBodyInMemoryLimit 131072
-This is the value (128KB) specified in the configuration file.
-===== References =====
-https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu