ModSecurity

ModSecurity Reference Manual

Version 2.1.4 / (November 27, 2007)

Copyright © 2004-2007 Breach Security, Inc. (http://www.breach.com)

Table of Contents

Introduction
HTTP Traffic Logging
Real-Time Monitoring and Attack Detection
Attack Prevention and Just-in-time Patching
Flexible Rule Engine
Embedded-mode Deployment
Network-based Deployment
Licensing
ModSecurity Core Rules
Overview
Core Rules Structure
Core Rules Content
Installation
Configuration Directives
SecAction
SecArgumentSeparator
SecAuditEngine
SecAuditLog
SecAuditLog2
SecAuditLogParts
SecAuditLogRelevantStatus
SecAuditLogStorageDir
SecAuditLogType
SecChrootDir
SecCookieFormat
SecDataDir
SecDebugLog
SecDebugLogLevel
SecDefaultAction
SecGuardianLog
SecRequestBodyAccess
SecRequestBodyLimit
SecRequestBodyInMemoryLimit
SecResponseBodyLimit
SecResponseBodyMimeType
SecResponseBodyMimeTypesClear
SecResponseBodyAccess
SecRule
SecRuleInheritance
SecRuleEngine
SecRuleRemoveById
SecRuleRemoveByMsg
SecServerSignature
SecTmpDir
SecUploadDir
SecUploadKeepFiles
SecWebAppId
Processing Phases
Phase Request Headers
Phase Request Body
Phase Response Headers
Phase Response Body
Phase Logging
Variables
ARGS
ARGS_COMBINED_SIZE
ARGS_NAMES
AUTH_TYPE
ENV
FILES
FILES_COMBINED_SIZE
FILES_NAMES
FILES_SIZES
FILES_TMPNAMES
HTTP_
MULTIPART_CRLF_LF_LINES
MULTIPART_STRICT_ERROR
MULTIPART_UNMATCHED_BOUNDARY
PATH_INFO
QUERY_STRING
REMOTE_ADDR
REMOTE_HOST
REMOTE_PORT
REMOTE_USER
REQBODY_PROCESSOR
REQBODY_PROCESSOR_ERROR
REQBODY_PROCESSOR_ERROR_MSG
REQUEST_BASENAME
REQUEST_BODY
REQUEST_COOKIES
REQUEST_COOKIES_NAMES
REQUEST_FILENAME
REQUEST_HEADERS
REQUEST_HEADERS_NAMES
REQUEST_LINE
REQUEST_METHOD
REQUEST_PROTOCOL
REQUEST_URI
REQUEST_URI_RAW
RESPONSE_BODY
RESPONSE_HEADERS
RESPONSE_HEADERS_NAMES
RESPONSE_PROTOCOL
RESPONSE_STATUS
RULE
SCRIPT_BASENAME
SCRIPT_FILENAME
SCRIPT_GID
SCRIPT_GROUPNAME
SCRIPT_MODE
SCRIPT_UID
SCRIPT_USERNAME
SERVER_ADDR
SERVER_NAME
SERVER_PORT
SESSION
SESSIONID
TIME
TIME_DAY
TIME_EPOCH
TIME_HOUR
TIME_MIN
TIME_MON
TIME_SEC
TIME_WDAY
TIME_YEAR
TX
USERID
WEBAPPID
WEBSERVER_ERROR_LOG
XML
Transformation functions
base64Decode
base64Encode
compressWhitespace
escapeSeqDecode
hexDecode
hexEncode
htmlEntityDecode
lowercase
md5
none
normalisePath
normalisePathWin
removeNulls
removeWhitespace
replaceComments
replaceNulls
urlDecode
urlDecodeUni
urlEncode
sha1
Actions
allow
auditlog
capture
chain
ctl
deny
deprecatevar
drop
exec
expirevar
id
initcol
log
msg
multiMatch
noauditlog
nolog
pass
pause
phase
proxy
redirect
rev
sanitiseArg
sanitiseMatched
sanitiseRequestHeader
sanitiseResponseHeader
severity
setuid
setsid
setenv
setvar
skip
status
t
xmlns
Operators
eq
ge
gt
inspectFile
le
lt
rbl
rx
validateByteRange
validateDTD
validateSchema
validateUrlEncoding
validateUtf8Encoding
Miscellaneous Topics
Impedance Mismatch
Copyright (C) 2004-2007 Breach Security