ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button
  Introducing mod_security
Subject:   Re: My SecRule does not work on mod_security2.c
Date:   2006-11-02 07:31:07
From:   monicat
Response to: mod_security2 and SecRule

Ivan, I search at the site you suggested but did not find any solution to my problem.I'm not sure if it help if I include the entire configuration file. Please see below:

<IfModule mod_security2.c>
# Basic configuration options
# Server masking is optional
SecServerSignature "Microsoft-IIS/5.0"

# Maximum request body size we will
# accept for buffering
SecRequestBodyAccess On
SecRequestBodyLimit 131072
# Store up to 128 KB in memory
SecRequestBodyInMemoryLimit 131072

# Buffer response bodies of up to
# 512 KB in length
SecResponseBodyAccess Off
SecResponseBodyLimit 524288

# Debug log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 9

# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial

# The name of the audit log file
SecAuditLog logs/modsec_audit.log

# Default action set
SecDefaultAction "deny,log,auditlog,status:403"

# Turn on Rule Engine
SecRuleEngine On
SecRule REQUEST_URI dirty

# Refuse to accept POST requests that do
# not specify request body length
# SecRule REQUEST_HEADER:Content-Length ^$

Any help is appreciated.
- Monicat