Re: [mod-security-users] SecResponseBodyLimit
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecResponseBodyLimit
|
From: Christian B. <ch...@jw...> - 2009-06-15 20:53:27
|
Hi Dave!
Am 15.06.2009 um 22:37 schrieb David Brown:
> SecResponseBodyLimit is defined in modsecurity_crs_10_config.conf of
> the core rules as 512k. My question is this. If I change it's
> value, when I update the core rules it will overwrite it? I know i
> can have a different config to remove rules by ID or other things,
> but how would I keep this specific value from being overwritten when
> upgrading the core rules?
>
Assuming you do include the rules by a line like
Include /path/to/rules/*.conf
The you can simply create a file
"modsecurity_crs_10_config_custom.conf", which
should then be listed after the core-rules config file (usually the
include-order
is ordered according to file-names).
When you put your re-definition of the SecResponseBodyLimit into your
custom
config file, this will overwrite the original core-rules setting.
The same principle is valid for defining exceptions for specific URLs
or update
rule actions. The crucial part here is, that the action updates need
to be
evaluated by apache AFTER the rule has been defined.
So you could for instance simple create a new file
"modsecurity_crs_99_exceptions.conf"
for that. Please note, that you might need to put some directives into
the right
phase for getting the right result.
E.g. if you have a conditional update of a rule action
SecRule REQUEST_URI /exceptional/url "<remove/modify-some-
previous-rules-here>"
and this rule is placed in phase-2 (e.g. because of the
SecDefaultAction value), then
any rules in phase-1 will not get updated before they are fired.
At least, if I understood everything right :-)
Regards,
Chris
|