readme - details about modsec include order
This commit is contained in:
parent
94b29a6ca2
commit
cd19841ec3
|
@ -213,7 +213,7 @@ You can include custom rules by adding .conf files into the /modsec-confs/ direc
|
|||
Values: *yes* | *no*
|
||||
Default value : *yes*
|
||||
If set to yes, the [OWASP ModSecurity Core Rule Set](https://coreruleset.org/) will be used. It provides generic rules to detect common web attacks.
|
||||
You can customize the CRS (i.e. : add WordPress exclusions) by adding custom .conf files into the /modsec-crs-confs/ directory inside the container (i.e : through a volume).
|
||||
You can customize the CRS (i.e. : add WordPress exclusions) by adding custom .conf files into the /modsec-crs-confs/ directory inside the container (i.e : through a volume). Files inside this directory are included before the CRS rules. If you need to tweak (i.e. : SecRuleUpdateTargetById) put .conf files inside the /modsec-confs/ which is included after the CRS rules.
|
||||
|
||||
## Security headers
|
||||
`X_FRAME_OPTIONS`
|
||||
|
|
Loading…
Reference in New Issue