Created 4 years ago
Maintained by
bmwiedemann
apache2-mod_security2
pgajdos committed a day ago
# mod_security2 is not activated by default upon installation of the
# apache module.
#
# Use
# # a2enmod unique_id
# # a2enmod security2
#
# to activate security2 module.
#
# Configuration directories:
# /etc/apache2/mod_security2.d is read first
# /etc/apache2/mod_security2.d/rules is read second
#
# owasp-modsecurity-crs and owasp-modsecurity-crs-apache2 can be installed.
# To test:
W
# curl 'http://localhost/?foo=/etc/passwd&bar=/bin/sh'
#
# sholud give 403 with appropriate entry in /var/log/apache2/modsec_audit.log
# and /var/log/apache2/error_log.
#
# See https://coreruleset.org/docs/1-getting-started/1-1-crs-installation/
# for details.
