Frequently asked questions

Back
ModSecurity, what is that?

ModSecurity is a security framework, protecting our customers' webhotels from attacks.


General information

ModSecurity is a webserver filter for analyzing traffic and preventing commonplace attacks.

This filter is normal for webservers, and does not usually cause any problems for legitimate use.

Regrettably, some legitimate use may be very similar to malicious accesses, and therefore risk denied access from ModSecurity.

If you see error messages mentioning ModSecurity, it may be caused by insecure software.

Vendors of software that conflicts with ModSecurity usually provide information and help on how to work with ModSecurity. If you are in doubt, check the vendor's support forums.

Technical information

We use ModSecurity from Debian stable, and additionally the Core Rules.

See also the ModSecurity reference manual for more information.

Our configuration sets the following limits:


# PCRE
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000

# File uploads
SecUploadFileLimit 10

# Max size of incoming data
# 128 MiB
SecRequestBodyLimit 134217728

# Max size of incoming data that isn't a file 
# 1,2 MiB
SecRequestBodyNoFilesLimit 1310720

# Max memory usage for incoming data
SecRequestBodyInMemoryLimit 134217728

# Buffer length for outgoing data
# 128 MiB in length
SecResponseBodyLimit 134217728

# Restrictions for request body errors
SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"

# Restrictions for multipart/form-data
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,msg:'Multipart request body \
failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_SEMICOLON_MISSING}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

File upload error (e.g. images)

In some cases, you may get an error message similar to "request entity too large", even with files that are a only a few MB. The cause may be a coding error in the upload script, which hits the limit "SecRequestBodyNoFilesLimit".

File upload code must use Content-Type: multipart/form-data, not Content-Type: application/x-www-form-urlencoded.

You may hit this limit if you send large amounts of data in a way that's intended for text forms.

More info:


Keyword:  

Index

© 2018 Domeneshop AS · About us · Terms · Privacy policy