Re: [mod-security-users] Installing
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iva...@gm...> - 2010-03-02 20:54:15
|
On Tue, Mar 2, 2010 at 8:43 PM, Berlington Barnett <bba...@ya...> wrote: > Thank you very much. > > Just one more doubt. > > In the httpd.conf only write something like: > > SecRuleEngine On > SecDefaultAction > log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace > > SecAuditEngine RelevantOnly > SecAuditLogType Serial > SecAuditLog logs/mod_security2.log > > > without brackets or something else??? No brackets needed. However, it is not recommended to use transformation functions in SecDefaultAction ("t:lowercase,t:replaceNulls,t:compressWhitespace"). That may lead to errors that are very difficult to track down. Each rule should specify its own transformation functions. -- Ivan Ristic ModSecurity Handbook [http://www.modsecurityhandbook.com] SSL Labs [https://www.ssllabs.com/ssldb/] |