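# ModSecurity Recommended Configuration

# --- Basic Config ---
# Enforce rules (blocking mode) rather than DetectionOnly.
SecRuleEngine On

# Inspect request bodies: 12.5 MiB overall limit, 128 KiB for non-file data,
# 128 KiB buffered in memory. Requests over the limit are rejected.
SecRequestBodyAccess On
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction Reject

# Hand text/xml request bodies to the XML body processor.
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
    "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"

# Response bodies are not inspected; the limits below only take effect
# if SecResponseBodyAccess is turned On.
SecResponseBodyAccess Off
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# --- Filesystem / Audit Log ---
# /tmp is shared with other local users; a private directory writable only
# by the web server user is preferable for both settings.
SecTmpDir /tmp/
SecDataDir /tmp/

# Audit only transactions that end in a 5xx status or a 4xx other than 404.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHKZ
SecAuditLogType Serial
SecAuditLog /var/log/nginx/modsec_audit.log

# --- Argument Parsing ---
SecArgumentSeparator &
# 0 = version 0 (Netscape) cookies
SecCookieFormat 0
# 20127 = code page used for the Unicode mapping (US-ASCII)
SecUnicodeMapFile /etc/nginx/modsec/unicode.mapping 20127

# --- Status & Response ---
SecStatusEngine On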