Frequently asked questions

Back
ModSecurity, what is that?

ModSecurity is a security framework, protecting our customers' webhotels from attacks.


General information

ModSecurity is a webserver filter for analyzing traffic and preventing commonplace attacks.

This filter is normal for webservers, and does not usually cause any problems for legitimate use.

Regrettably, some legitimate use may be very similar to malicious accesses, and therefore risk denied access from ModSecurity.

If you see error messages mentioning ModSecurity, it may be caused by insecure software.

Vendors of software that conflicts with ModSecurity usually provide information and help on how to work with ModSecurity. If you are in doubt, check the vendor's support forums.

Technical information

We use ModSecurity from Debian stable, and additionally the Core Rules.

See also the ModSecurity reference manual for more information.

Our configuration sets the following limits:


# PCRE
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000

# File uploads
SecUploadFileLimit 10

# Max size of incoming data
# 128 MiB
SecRequestBodyLimit 134217728

# Max size of incoming data that isn't a file 
# 1,2 MiB
SecRequestBodyNoFilesLimit 1310720

# Max memory usage for incoming data
SecRequestBodyInMemoryLimit 134217728

# Buffer length for outgoing data
# 128 MiB in length
SecResponseBodyLimit 134217728

# Restrictions for request body errors
SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"

# Restrictions for multipart/form-data
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,msg:'Multipart request body \
failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_SEMICOLON_MISSING}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

Keyword:  

Index

© 2017 Domeneshop AS · About us · Terms & Conditions · About cookies