--- files/280_mod_security.conf.sample.in (révision 552016)
+++ files/280_mod_security.conf.sample.in (copie de travail)
@@ -8,18 +8,25 @@
 ##
 ## To enable ModSecurity in Apache, enable the modules
-## mod_unique_id (in httpd.conf) and
-## mod_security2 in this config file
+## mod_unique_id
+## mod_security2
+## e.g. by uncommenting the LoadModule lines of this config file.
 ##
 ## Additionally, load configuration and rules with an Include line from
 ## %%ETCDIR%%/*.conf
+## e.g. by uncommenting the following Inlude line.
 ##
-## Most users will use the signatures from the OWASP Core Rule Set (CRS).
-## For configuration instructions, see %%DOCSDIR%%/README.
-##
-## apache modules for mod_security
+## Apache modules and Include line for mod_security
 #LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so
 #LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so
 #Include %%ETCDIR%%/*.conf
+##
+## Most users will use the signatures from the OWASP Core Rule Set (CRS).
+## For configuration instructions, see %%DOCSDIR%%/README (second paragraph)
+## before uncommenting the following Include line.
+##
+
+## Include line for signatures from the OWASP Core Rule Set (CRS)
+#Include %%ETCDIR%%/owasp-modsecurity-crs/rules/*.conf
--- files/README.in (révision 552016)
+++ files/README.in (copie de travail)
@@ -3,12 +3,12 @@
 To enable ModSecurity in Apache, follow the instructions in
- %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
+ %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
 ModSecurity has various configuration options. To change them, edit the following file:
- %%ETCDIR%%/modsecurity.conf
+ %%ETCDIR%%/modsecurity.conf
 Getting the Core Rule Set
 -------------------------
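Review bot: The added comment `## e.g. by uncommenting the following Inlude line.` in the 280_mod_security.conf.sample.in hunk misspells "Include", and the new CRS block at the end of that hunk does not say what it depends on. The rules in `owasp-modsecurity-crs/rules/*.conf` are pulled in by their own Include, so an administrator can uncomment it while `#Include %%ETCDIR%%/*.conf` is still commented out or before `crs-setup.conf` exists in %%ETCDIR%%; the README hunk creates that file only as a manual step. I would state the prerequisite next to the line, for example `## Requires the Include of %%ETCDIR%%/*.conf above and %%ETCDIR%%/crs-setup.conf (see README).` How the rule set behaves when loaded without its setup file is not visible here, so after enabling it is worth confirming that ModSecurity is running in the intended SecRuleEngine mode rather than assuming the WAF is active.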
@@ -22,15 +22,18 @@
 pkg install git
 cd %%ETCDIR%%
 git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
- cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \
- crs.conf
+ ln -s owasp-modsecurity-crs/crs-setup.conf.example crs-setup.conf
-The CRS has various config options. To change them, edit crs.conf.
+The CRS has various config options. To change them, edit crs-setup.conf.
-To activate the CRS base rules, add the following to your httpd.conf:
+To activate the CRS base rules, either add the following line to your httpd.conf
- Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf
+ Include %%ETCDIR%%/owasp-modsecurity-crs/rules/*.conf
+or uncomment the same line in:
+
+ %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
+
 You can also add custom configuration and CRS exceptions here. For instance, you might want to disable rules that generate false positives. Example:
@@ -85,5 +88,9 @@
 do this with Git:
 cd %%ETCDIR%%/owasp-modsecurity-crs
- git pull
+ git stash push && git pull && git stash pop
+
+Resolve conflicts in crs-setup.conf.example, if any. Then execute:
+
+ git reset && git stash drop
 apachectl restart
--- files/pkg-message.in (révision 552016)
+++ files/pkg-message.in (copie de travail)
@@ -2,12 +2,12 @@
 { type: install message: <