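# -- Rule engine initialization ----------------------------------------------
# Blocking mode: disruptive actions (deny) are enforced, not just logged.
SecRuleEngine On
# Buffer request bodies so that phase 2 rules can inspect them.
SecRequestBodyAccess On

# Select the XML body processor for XML content types (application/xml,
# application/soap+xml, text/xml).
SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
    "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"

# Select the JSON body processor for every request that declares a JSON
# content type, so JSON payloads are parsed before the phase 2 rules run.
SecRule REQUEST_HEADERS:Content-Type "application/json" \
    "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"

# Earlier chained variant, kept for reference. Its second rule matches only
# when the method is neither POST nor GET, so whether JSON parsing was switched
# on for ordinary POST bodies depended on how the engine treats a
# non-disruptive action on a chain starter whose chain does not fully match.
# NOTE(review): confirm the intended method restriction before reinstating it.
#SecRule REQUEST_HEADERS:Content-Type "application/json" "chain,id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
#SecRule REQUEST_METHOD "!^(POST|GET)$"

# Body size ceilings in bytes: roughly 125 MiB in total and roughly 87 MiB for
# the part of the body that is not file upload data.
# NOTE(review): both are very generous; the non-file limit bounds data that is
# buffered for inspection, so a smaller value reduces memory pressure from
# oversized requests. Confirm what the protected application really needs.
SecRequestBodyLimit 131072009
SecRequestBodyNoFilesLimit 91310729

# Reject bodies that exceed the limits above. With ProcessPartial only the
# first part of an oversized body is inspected and the remainder reaches the
# application unexamined, which leaves an inspection gap in blocking mode.
SecRequestBodyLimitAction Reject

# Fail closed when the request body could not be parsed.
SecRule REQBODY_ERROR "!@eq 0" \
    "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"

# Fail closed on multipart bodies that break strict parsing; the message
# records which individual parser flag was raised.
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:400, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

# Deny when the multipart parser saw a boundary-like line that it could not
# match. No status is given here, so the engine's default deny status applies.
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
    "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"

# Bound the work a single regular expression match may perform.
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000

# Deny when the engine raised one of its internal MSC_ flags, so that an
# internal failure is not treated as "no match".
SecRule TX:/^MSC_/ "!@streq 0" \
    "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"


# -- Response body handling --------------------------------------------------

# Inspect text responses; an oversized response is inspected up to the limit
# and then passed on rather than blocked.
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimitAction ProcessPartial

# Working directories for temporary files and persistent collections.
# NOTE(review): these sit under the shared /tmp. The directory should be
# created in advance, owned by the web server account and closed to other
# local users; a dedicated private path is preferable.
SecTmpDir /tmp/modsec
SecDataDir /tmp/modsec

#SecDebugLog /var/log/debug.log
#SecDebugLogLevel 9

# Audit logging. RelevantOnly is combined with a status filter that matches
# only 403, while rules 200002 and 200003 answer with 400.
# NOTE(review): confirm that those denials and server errors (5xx) are still
# captured; the stock filter is "^(?:5|4(?!04))".
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(403)"
# Parts I and E record request and response bodies, so the log can contain
# credentials and personal data; restrict read access to it accordingly.
SecAuditLogParts ABIJDEFHZ

SecAuditLogType Serial
SecAuditLogFormat JSON
# NOTE(review): the path suggests volatile storage. If so, audit records are
# lost on restart unless they are shipped elsewhere.
SecAuditLog /ramdisk/modsec_audit.log

SecArgumentSeparator &

SecCookieFormat 0

SecUnicodeMapFile unicode.mapping 20127

SecStatusEngine On

# Intercepted uploads are kept on disk for every transaction. Store them
# readable and writable by the engine's own account only: 0666 would let any
# local user read or alter retained, attacker-supplied files. If a separate
# scanning account needs access, grant it through group ownership instead.
# NOTE(review): with SecUploadKeepFiles On the directory grows without bound;
# RelevantOnly or an external cleanup job limits retention.
SecUploadDir /usr/local/waf/upload/
SecUploadKeepFiles On
SecUploadFileMode 0600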