networkapp:waf:mod-security
差分
このページの2つのバージョン間の差分を表示します。
両方とも前のリビジョン前のリビジョン次のリビジョン | 前のリビジョン | ||
networkapp:waf:mod-security [2018/11/14 15:08] – [OSのInstall] seirios | networkapp:waf:mod-security [2018/11/14 17:00] (現在) – [MonitorModeWAF] seirios | ||
---|---|---|---|
行 88: | 行 88: | ||
### ARP cache timeout | ### ARP cache timeout | ||
net.link.ether.inet.max_age=97 | net.link.ether.inet.max_age=97 | ||
+ | </ | ||
+ | セマフォの拡張はboot時に行う必要があるので、/ | ||
+ | <code - / | ||
### for WAF | ### for WAF | ||
kern.ipc.semmsl=340 # | kern.ipc.semmsl=340 # | ||
行 620: | 行 623: | ||
* <code diff MonitorModeBase.conf.diff> | * <code diff MonitorModeBase.conf.diff> | ||
# diff -u ../ | # diff -u ../ | ||
- | --- ../ | + | --- ../ |
- | +++ MM-Base.conf | + | +++ MM-Base.conf |
@@ -35,7 +35,8 @@ | @@ -35,7 +35,8 @@ | ||
# to the size of data, with files excluded. You want to keep that value as | # to the size of data, with files excluded. You want to keep that value as | ||
行 688: | 行 691: | ||
# | # | ||
- | # ModSecurity configuration for DropMode. | + | # ModSecurity configuration for DetectMode. |
Include / | Include / | ||
- | # OWASP CRS configuration. | + | # Load signature |
Include / | Include / | ||
Include / | Include / | ||
行 698: | 行 701: | ||
Include / | Include / | ||
- | # Include OWASP CRS Configurations and Signature Rules. | + | # Load Signature Rules. |
Include / | Include / | ||
Include / | Include / | ||
行 710: | 行 713: | ||
# ModSecurity preload configuration. | # ModSecurity preload configuration. | ||
# | # | ||
+ | # id: 1000 - 1999 : for OWASP CRS | ||
+ | # id: 2000 - 2999 : Reserve | ||
+ | # id: 3000 - 4999 : for local Sigs | ||
#SecAction " | #SecAction " | ||
行 717: | 行 723: | ||
# ModSecurity postload configuration. | # ModSecurity postload configuration. | ||
# | # | ||
+ | # id: 5000 - 5999 : for OWASP CRS | ||
+ | # id: 6000 - 6999 : Reserve | ||
+ | # id: 7000 - 8999 : for local Sigs | ||
# | # |
networkapp/waf/mod-security.1542175709.txt.gz · 最終更新: 2018/11/14 15:08 by seirios