Sophie: apache-mod_security-1:2.6.3-3.3.mga2 i586

apache-mod_security-2.6.3-3.3.mga2.i586.rpm

# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.0.5
# Copyright (C) 2006-2010 Breach Security Inc. All rights reserved.
#
# The ModSecurity Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------


# In most cases, you should expect a certain volume of each a request on your
# website. For example, a request with 400 arguments, can be suspicious.
# This file creates limitations on the request.
#
# TODO Look at the rules in this file, and define the sizes you'd like to enforce.
#      Note that most of the rules are commented out by default.
#      Uncomment the rules you need
#

## -- Arguments limits --

# Limit argument name length
SecRule &TX:ARG_NAME_LENGTH "@eq 1" "chain,phase:2,t:none,pass,nolog,auditlog,msg:'Argument name too long',id:'960209',severity:'4',rev:'2.0.5'"
	SecRule ARGS_NAMES "@gt %{tx.arg_name_length}" "t:none,t:length,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.policy_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"

# Limit value name length
SecRule &TX:ARG_LENGTH "@eq 1" "chain,phase:2,t:none,pass,nolog,auditlog,msg:'Argument value too long',id:'960208',severity:'4',rev:'2.0.5'"
	SecRule ARGS "@gt %{tx.arg_length}" "t:none,t:length,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.policy_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"

# Maximum number of arguments in request limited
SecRule &TX:MAX_NUM_ARGS "@eq 1" "chain,phase:2,t:none,pass,nolog,auditlog,msg:'Too many arguments in request',id:'960335',severity:'4',rev:'2.0.5'"
	SecRule &ARGS "@gt %{tx.max_num_args}" "t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.policy_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"

# Limit arguments total length
SecRule &TX:TOTAL_ARG_LENGTH "@eq 1" "chain,phase:2,t:none,pass,nolog,auditlog,msg:'Total arguments size exceeded',id:'960341',severity:'4',rev:'2.0.5'"
	SecRule ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}" "t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.policy_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"


## -- File upload limits --

# Individual file size is limited
SecRule &TX:MAX_FILE_SIZE "@eq 1" "chain,phase:2,t:none,pass,nolog,auditlog,msg:'Uploaded file size too large',id:'960342',severity:'4',rev:'2.0.5'"
	SecRule FILES_SIZES "@gt %{tx.max_file_size}" "t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.policy_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"

# Combined file size is limited
SecRule &TX:COMBINED_FILE_SIZES "@eq 1" "chain,phase:2,t:none,pass,nolog,auditlog,msg:'Total uploaded files size too large',id:'960343',severity:'4',rev:'2.0.5'"
	SecRule FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}" "t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.policy_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"