HEX
Server: Apache
System: Linux opal14.opalstack.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
User: curbgloabal_opal (1234)
PHP: 8.1.29
Disabled: exec,passthru,shell_exec,system
$ pwd: /etc/httpd/conf.modules.d/
Upload Files
File: //etc/httpd/conf.modules.d/security.conf
<IfModule mod_security2.c>
    # Default recommended configuration
    SecRuleEngine On
    SecRequestBodyAccess On
    SecRule REQUEST_HEADERS:Content-Type "text/xml" \
      "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
    SecRequestBodyLimit 500000000
    SecRequestBodyNoFilesLimit 500000000
    SecRequestBodyInMemoryLimit 1000000
    SecRequestBodyLimitAction Reject
    SecRule REQBODY_ERROR "!@eq 0" \
      "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
    SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
      "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \
      PE %{REQBODY_PROCESSOR_ERROR}, \
      BQ %{MULTIPART_BOUNDARY_QUOTED}, \
      BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
      DB %{MULTIPART_DATA_BEFORE}, \
      DA %{MULTIPART_DATA_AFTER}, \
      HF %{MULTIPART_HEADER_FOLDING}, \
      LF %{MULTIPART_LF_LINE}, \
      SM %{MULTIPART_MISSING_SEMICOLON}, \
      IQ %{MULTIPART_INVALID_QUOTING}, \
      IP %{MULTIPART_INVALID_PART}, \
      IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
      FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

    SecRule &REQUEST_HEADERS:Proxy "@gt 0" "id:1000005,log,deny,msg:'httpoxy denied'"


    #SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
    #  "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"

    SecPcreMatchLimit 1500
    SecPcreMatchLimitRecursion 1500

    SecRule TX:/^MSC_/ "!@streq 0" \
      "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"

    SecResponseBodyAccess Off
    SecResponseBodyMimeType text/plain text/html text/xml
    SecResponseBodyLimit 524288
    SecResponseBodyLimitAction ProcessPartial
    SecDebugLogLevel 3
    SecAuditEngine Off
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecArgumentSeparator &
    SecCookieFormat 0
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecAuditLog /var/log/httpd/modsec_audit.log
    SecTmpDir /var/tmp
    SecDataDir /var/tmp
    SecUploadDir /var/tmp
    SecUploadKeepFiles Off

    # ModSecurity Core Rules Set configuration
    IncludeOptional /etc/httpd/modsecurity.d/*.conf
    IncludeOptional /etc/httpd/modsecurity.d/activated_rules/*.conf
</IfModule>
@ Telegram