

Post subject: Hardening rules for mod_security
Posted: Sun 25 Dec '05 22:08

Just to share some mod_security rules with you. When you get false positives for your server, let us know here. If you have a useful rule, please post it here.

SecFilterDefaultAction "deny,log,msg:'Common attacks',status:403"

SecFilterSelective THE_REQUEST "^CONNECT "

# Only accept request encodings we know how to handle.
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;)"

# Do not accept GET or HEAD requests with bodies
SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Length "!^$"

# Restrict which request methods can be used
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD|POST)$"

# Require Content-Length to be provided with every POST request.
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't know how to handle
SecFilterSelective HTTP_Transfer-Encoding "!^$"

SecFilterSignatureAction "log,deny,msg:'PHP attack'"
# Possible code execution attack (targets valid PHP streams constructs)

SecFilterSignatureAction "log,deny,msg:'Awstats Attack'"
SecFilterSelective ARGS_NAMES "configdir"

SecFilterSignatureAction "log,deny,msg:'SQL Injection attack'"
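An added example, not part of the original post: a simplified Python model of the request-validation rules above (the CONNECT, Content-Type, Content-Length, method and Transfer-Encoding checks), run over constructed sample requests to show which legitimate traffic they would deny, which is where false positives come from. The rule labels, `evaluate` and the sample requests are assumptions made here; a missing header is treated as an empty string.

```python
import re

# Simplified model of the request-validation rules in the post (not mod_security
# itself). Each rule is a chain of (variable, regex, negated) conditions and
# denies only when every condition holds, as with the "chain" action.
# Assumptions: a missing header is the empty string; matching is case-sensitive;
# the multipart alternative ends in ';'.
RULES = [
    ("CONNECT request", [("THE_REQUEST", r"^CONNECT ", False)]),
    ("unhandled request encoding", [
        ("REQUEST_METHOD", r"^(GET|HEAD)$", True),
        ("HTTP_Content-Type",
         r"(^application/x-www-form-urlencoded$|^multipart/form-data;)", True)]),
    ("GET/HEAD with body", [
        ("REQUEST_METHOD", r"^(GET|HEAD)$", False),
        ("HTTP_Content-Length", r"^$", True)]),
    ("method not allowed", [("REQUEST_METHOD", r"^(GET|HEAD|POST)$", True)]),
    ("POST without Content-Length", [
        ("REQUEST_METHOD", r"^POST$", False),
        ("HTTP_Content-Length", r"^$", False)]),
    ("transfer encoding set", [("HTTP_Transfer-Encoding", r"^$", True)]),
]

def evaluate(method, uri, headers):
    """Return the label of the first chain that denies the request, else None."""
    env = {"THE_REQUEST": f"{method} {uri} HTTP/1.1", "REQUEST_METHOD": method}
    env.update({f"HTTP_{name}": value for name, value in headers.items()})
    for label, chain in RULES:
        if all((re.search(rx, env.get(var, "")) is None) == negated
               for var, rx, negated in chain):
            return label
    return None

FORM = "application/x-www-form-urlencoded"
# Constructed sample requests: ordinary traffic worth checking for false positives.
SAMPLES = [
    ("GET", "/", {}),
    ("GET", "/", {"Content-Length": "0"}),
    ("POST", "/login", {"Content-Type": FORM, "Content-Length": "27"}),
    ("POST", "/login", {"Content-Type": FORM + "; charset=UTF-8", "Content-Length": "27"}),
    ("POST", "/upload", {"Content-Type": "multipart/form-data; boundary=x", "Content-Length": "512"}),
    ("POST", "/api", {"Content-Type": "application/json", "Content-Length": "2"}),
    ("POST", "/form", {"Content-Type": FORM, "Transfer-Encoding": "chunked"}),
    ("OPTIONS", "/", {}),
]

if __name__ == "__main__":
    for method, uri, headers in SAMPLES:
        print(f"{method:8}{uri:9}{headers} -> {evaluate(method, uri, headers) or 'allowed'}")
```

In this model, a form post that adds a `charset` parameter, a JSON body, a chunked POST without Content-Length, and a GET carrying `Content-Length: 0` are all denied, so those are the request shapes to look for in the audit log before enabling the rules on a production site.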
