Add MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS (#292)
* Add MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS Usefull for customizing sites (on/DetectionOnly, Custom logs) * remove settings docs (auto generated) Co-authored-by: Florian Pitance <54334437+fl0ppy-d1sk@users.noreply.github.com>
This commit is contained in:
parent
97bf473e1a
commit
873ccad9b2
|
@ -1,5 +1,5 @@
|
|||
# process rules with disruptive actions
|
||||
SecRuleEngine On
|
||||
SecRuleEngine {{ MODSECURITY_SEC_RULE_ENGINE }}
|
||||
|
||||
# allow body checks
|
||||
SecRequestBodyAccess On
|
||||
|
@ -50,6 +50,7 @@ SecResponseBodyLimitAction ProcessPartial
|
|||
|
||||
# log usefull stuff
|
||||
SecAuditEngine {{ MODSECURITY_SEC_AUDIT_ENGINE }}
|
||||
SecAuditLogParts {{ MODSECURITY_SEC_AUDIT_LOG_PARTS }}
|
||||
SecAuditLogType Serial
|
||||
SecAuditLog /var/log/nginx/modsec_audit.log
|
||||
|
||||
|
|
|
@ -31,6 +31,24 @@
|
|||
"label": "SecAuditEngine",
|
||||
"regex": "^.*$",
|
||||
"type": "text"
|
||||
},
|
||||
"MODSECURITY_SEC_RULE_ENGINE": {
|
||||
"context": "multisite",
|
||||
"default": "On",
|
||||
"help": "SecRuleEngine directive of ModSecurity.",
|
||||
"id": "modsecurity-sec-rule-engine",
|
||||
"label": "SecRuleEngine",
|
||||
"regex": "^(On|DetectionOnly|Off)$",
|
||||
"type": "text"
|
||||
},
|
||||
"MODSECURITY_SEC_AUDIT_LOG_PARTS": {
|
||||
"context": "multisite",
|
||||
"default": "ABCFHZ",
|
||||
"help": "SecAuditLogParts directive of ModSecurity.",
|
||||
"id": "modsecurity-sec-audit-log-parts",
|
||||
"label": "SecAuditLogParts",
|
||||
"regex": "^([A-Z]*)$",
|
||||
"type": "text"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -228,11 +228,11 @@ When settings are considered as "multiple", it means that you can have multiple
|
|||
|
||||
### ModSecurity
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|------------------------------|--------------|---------|--------|----------------------------------------|
|
||||
|`USE_MODSECURITY` |`yes` |multisite|no |Enable ModSecurity WAF. |
|
||||
|`USE_MODSECURITY_CRS` |`yes` |multisite|no |Enable OWASP Core Rule Set. |
|
||||
|`MODSECURITY_SEC_AUDIT_ENGINE`|`RelevantOnly`|multisite|no |SecAuditEngine directive of ModSecurity.|
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|-----------------------------------|----------------|---------|--------|--------------------------------------------------|
|
||||
| `USE_MODSECURITY` | `yes` |multisite|no | Enable ModSecurity WAF. |
|
||||
| `USE_MODSECURITY_CRS` | `yes` |multisite|no | Enable OWASP Core Rule Set. |
|
||||
| `MODSECURITY_SEC_AUDIT_ENGINE` | `RelevantOnly` |multisite|no | SecAuditEngine directive of ModSecurity. |
|
||||
|
||||
### PHP
|
||||
|
||||
|
|
Loading…
Reference in New Issue