Firewalling

Recommended configuration

The recommended minimal configuration is shown below.

SecFilterEngine On

# Reject requests with status 403
SecFilterDefaultAction "deny,log,status:403"

# Some defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off

# Accept almost all byte values
SecFilterForceByteRange 1 255
SecUploadDir /tmp
SecUploadKeepFiles Off

# Only accept request encodings we know how to handle;
# we exclude GET requests from this because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type \
"!(^application/x-www-form-urlencoded$|^multipart/form-data;)"

# Do not accept GET or HEAD requests with bodies
SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Length "!^$"

# Require Content-Length to be provided with every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
SecFilterSelective HTTP_Transfer-Encoding "!^$"

Example 11.1.
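To check which requests the four SecFilterSelective rules of the recommended configuration reject, the following added example (not part of the original page and not ModSecurity code) models them in Python and runs them over constructed requests. It assumes that an absent header is evaluated as an empty string and that a chain denies only when every link matches; the rule names and the helpers lookup, link_matches and evaluate are hypothetical.

```python
import re
# Each rule is a chain of (variable, pattern) links; the request is denied only
# when every link matches. A leading "!" inverts the link, as in the directives.
RULES = [
    ("unknown-request-encoding", [
        ("REQUEST_METHOD", r"!^(GET|HEAD)$"),
        ("HTTP_Content-Type",
         r"!(^application/x-www-form-urlencoded$|^multipart/form-data;)")]),
    ("body-on-get-or-head", [
        ("REQUEST_METHOD", r"^(GET|HEAD)$"),
        ("HTTP_Content-Length", r"!^$")]),
    ("post-without-content-length", [
        ("REQUEST_METHOD", r"^POST$"),
        ("HTTP_Content-Length", r"^$")]),
    ("transfer-encoding-present", [
        ("HTTP_Transfer-Encoding", r"!^$")]),
]

def lookup(request, variable):
    """Resolve a variable. Assumption: an absent header reads as ''."""
    if variable == "REQUEST_METHOD":
        return request["method"]
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    return headers.get(variable[len("HTTP_"):].lower(), "")

def link_matches(request, variable, pattern):
    negate = pattern.startswith("!")
    hit = re.search(pattern.lstrip("!"), lookup(request, variable)) is not None
    return hit != negate

def evaluate(request):
    """Return (status, rule name): 403 for the first chain that fully matches."""
    for name, chain in RULES:
        if all(link_matches(request, var, pat) for var, pat in chain):
            return 403, name
    return 200, None

# Constructed sample requests (not taken from the page).
SAMPLES = [
    {"method": "GET", "headers": {"Content-Type": "text/html"}},
    {"method": "GET", "headers": {"Content-Length": "12"}},
    {"method": "POST", "headers": {"Content-Type": "application/json",
                                   "Content-Length": "17"}},
    {"method": "POST", "headers": {
        "Content-Type": "application/x-www-form-urlencoded"}},
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["method"], sample["headers"], "->", evaluate(sample))
```

Because the first Content-Type alternative is anchored with `$`, a POST sent as `application/x-www-form-urlencoded; charset=UTF-8` is also rejected by the first rule.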


