Listing 1 -- Example http.conf for Modsecurity

<IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine On
    
    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On
    
    # Unicode encoding check
    SecFilterCheckUnicodeEncoding Off
    
    # Only allow bytes from this range
    SecFilterForceByteRange 0 255
    
    # Only log suspicious requests
    SecAuditEngine RelevantOnly
    
    # The name of the audit log file
    SecAuditLog logs/audit_log
    # Debug level set to a minimum
    SecFilterDebugLog logs/modsec_debug_log    
    SecFilterDebugLevel 0
    
    # Should mod_security inspect POST payloads
    SecFilterScanPOST On
    
    # By default log and deny suspicious requests
    # with HTTP status 500
    SecFilterDefaultAction "deny,log,status:500"

    # Redirect user on filter match
    SecFilter xxx redirect:http://www.webkreator.com

    # Execute the external script on filter match
    SecFilter yyy log,exec:/home/ivanr/apache/bin/report-attack.pl

    # Simple filter
    SecFilter 111
    
    # Only check the QUERY_STRING variable
    SecFilterSelective QUERY_STRING 222

    # Only check the body of the POST request
    SecFilterSelective POST_PAYLOAD 333

    # Only check arguments (will work for GET and POST)
    SecFilterSelective ARGS 444

    # Test filter
    SecFilter "/cgi-bin/keyword"

    # Another test filter, will be denied with 404 but not logged
    # action supplied as a parameter overrides the default action
    SecFilter 999 "deny,nolog,status:404"

    # Prevent OS specific keywords
    SecFilter /etc/password

    # Prevent path traversal (..) attacks
    SecFilter "\.\./"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<( |\n)*script"

    # Prevent XSS atacks (HTML/Javascript injection)
    SecFilter "<(.|\n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Require HTTP_USER_AGENT and HTTP_HOST headers
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Forbid file upload
    SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data

    # Only watch argument p1
    SecFilterSelective "ARG_p1" 555

    # Watch all arguments except p1
    SecFilterSelective "ARGS|!ARG_p2" 666

    # Only allow our own test utility to send requests (or Mozilla)
    SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"

    # Do not allow variables with this name
    SecFilterSelective ARGS_NAMES 777

    # Do not allow this variable value (names are ok)
    SecFilterSelective ARGS_VALUES 888
	
    # Put your mod_security rules here
    # ...

</IfModule>

