# Original of the latest recommended version: # https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/modsecurity.conf-recommended # Directives configured upstream (in the same order) SecRuleEngine ${MODSEC_RULE_ENGINE} SecRequestBodyAccess ${MODSEC_REQ_BODY_ACCESS} SecRequestBodyLimit ${MODSEC_REQ_BODY_LIMIT} SecRequestBodyNoFilesLimit ${MODSEC_REQ_BODY_NOFILES_LIMIT} SecRequestBodyLimitAction ${MODSEC_REQ_BODY_LIMIT_ACTION} SecRequestBodyJsonDepthLimit ${MODSEC_REQ_BODY_JSON_DEPTH_LIMIT} SecArgumentsLimit ${MODSEC_ARGUMENTS_LIMIT} SecPcreMatchLimit ${MODSEC_PCRE_MATCH_LIMIT} SecPcreMatchLimitRecursion ${MODSEC_PCRE_MATCH_LIMIT_RECURSION} SecResponseBodyAccess ${MODSEC_RESP_BODY_ACCESS} SecResponseBodyMimeType ${MODSEC_RESP_BODY_MIMETYPE} SecResponseBodyLimit ${MODSEC_RESP_BODY_LIMIT} SecResponseBodyLimitAction ${MODSEC_RESP_BODY_LIMIT_ACTION} SecTmpDir ${MODSEC_TMP_DIR} SecDataDir ${MODSEC_DATA_DIR} SecAuditEngine ${MODSEC_AUDIT_ENGINE} SecAuditLogRelevantStatus "${MODSEC_AUDIT_LOG_RELEVANT_STATUS}" SecAuditLogParts ${MODSEC_AUDIT_LOG_PARTS} SecAuditLogType ${MODSEC_AUDIT_LOG_TYPE} SecAuditLog ${MODSEC_AUDIT_LOG} SecArgumentSeparator ${MODSEC_ARGUMENT_SEPARATOR} SecCookieFormat ${MODSEC_COOKIE_FORMAT} SecUnicodeMapFile unicode.mapping ${MODSEC_UNICODE_MAPPING} SecStatusEngine ${MODSEC_STATUS_ENGINE} # Additional directives SecAuditLogFormat ${MODSEC_AUDIT_LOG_FORMAT} SecAuditLogStorageDir ${MODSEC_AUDIT_STORAGE_DIR} SecDebugLog ${MODSEC_DEBUG_LOG} SecDebugLogLevel ${MODSEC_DEBUG_LOGLEVEL} SecDisableBackendCompression ${MODSEC_DISABLE_BACKEND_COMPRESSION} SecTmpSaveUploadedFiles ${MODSEC_TMP_SAVE_UPLOADED_FILES} SecUploadDir ${MODSEC_UPLOAD_DIR} SecUploadFileMode ${MODSEC_UPLOAD_FILE_MODE} SecUploadKeepFiles ${MODSEC_UPLOAD_KEEP_FILES} # Rules configured upstream (in the same order) SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" SecRule REQUEST_HEADERS:Content-Type "^application/json" \ "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" SecRule &ARGS "@ge ${MODSEC_ARGUMENTS_LIMIT}" \ "id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2" SecRule REQBODY_ERROR "!@eq 0" \ "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ "id:'200003',phase:2,t:none,log,deny,status:400, \ msg:'Multipart request body failed strict validation: \ PE %{REQBODY_PROCESSOR_ERROR}, \ BQ %{MULTIPART_BOUNDARY_QUOTED}, \ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ DB %{MULTIPART_DATA_BEFORE}, \ DA %{MULTIPART_DATA_AFTER}, \ HF %{MULTIPART_HEADER_FOLDING}, \ LF %{MULTIPART_LF_LINE}, \ SM %{MULTIPART_MISSING_SEMICOLON}, \ IQ %{MULTIPART_INVALID_QUOTING}, \ IP %{MULTIPART_INVALID_PART}, \ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \ "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" SecRule TX:/^MSC_/ "!@streq 0" \ "id:'200005',phase:2,t:none,log,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" # Additional rules SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \ "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" # Gemini: Include Custom Rules include /etc/nginx/custom_rules/*.conf