Differences

This shows you the differences between two versions of the page.

--- modsecurity:configure_mod_security [2016/10/14 13:36] – peter
+++ modsecurity:configure_mod_security [2019/11/30 14:16] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== ModSecurity - Configure mod_security ======
-Out of the box, modsecurity doesn't do anything as it needs rules to work.  The default configuration file is set to **DetectionOnly** which logs requests according to rule matches and doesn't block anything.  This can be changed by editing the modsecurity.conf file:
-<code bash>
-vi /etc/modsecurity/modsecurity.conf
-</code>
-Find this line
-<file bash /etc/modsecurity/modsecurity.conf>
-SecRuleEngine DetectionOnly
-</file>
-and change it to:
-<file bash /etc/modsecurity/modsecurity.conf>
-SecRuleEngine On
-</file>
-If you're trying this out on a production server, change this directive only after testing all your rules.
-Another directive to modify is **SecResponseBodyAccess**.  This configures whether response bodies are buffered (i.e. read by modsecurity).  This is only necessary if data leakage detection and protection is required.  Therefore, leaving it //On// will use up droplet resources and also increase the logfile size.
-Find this
-<file bash /etc/modsecurity/modsecurity.conf>
-SecResponseBodyAccess On
-</file>
-and change it to:
-<file bash /etc/modsecurity/modsecurity.conf>
-SecResponseBodyAccess Off
-</file>
-Now we'll limit the maximum data that can be posted to your web application.  Two directives configure these:
-<code bash>
-SecRequestBodyLimit
-SecRequestBodyNoFilesLimit
-</code>
-The **SecRequestBodyLimit** directive specifies the maximum POST data size.  If anything larger is sent by a client the server will respond with a [[http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#413|413 Request Entity Too Large]] error.  If your web application doesn't have any file uploads this value can be greatly reduced.
-The value mentioned in the configuration file is
-<file bash /etc/modsecurity/modsecurity.conf>
-SecRequestBodyLimit 13107200
-</file>
-which is 12.5MB.
-Similar to this is the **SecRequestBodyNoFilesLimit** directive.  The only difference is that this directive limits the size of //POST// data minus file uploads-- this value should be "as low as practical."
-The value in the configuration file is
-<file bash /etc/modsecurity/modsecurity.conf>
-SecRequestBodyNoFilesLimit 131072
-</file>
-which is 128KB.
-Along the lines of these directives is another one which affects server performance: **SecRequestBodyInMemoryLimit**.  This directive is pretty much self-explanatory; it specifies how much of "request body" data (POSTed data) should be kept in the memory (**RAM**), anything more will be placed in the hard disk (just like swapping).  Since droplets use SSDs, this is not much of an issue; however, this can be set a decent value if you have RAM to spare.
-<file bash /etc/modsecurity/modsecurity.conf>
-SecRequestBodyInMemoryLimit 131072
-</file>
-This is the value (128KB) specified in the configuration file.
-===== References =====
-https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu