example/plugins/lua-api/modsecurity/owasp.conf - trafficserver - Git at Google

 #  Licensed to the Apache Software Foundation (ASF) under one
 #  or more contributor license agreements.  See the NOTICE file
 #  distributed with this work for additional information
 #  regarding copyright ownership.  The ASF licenses this file
 #  to you under the Apache License, Version 2.0 (the
 #  "License"); you may not use this file except in compliance
 #  with the License.  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.


 ## Modsecurity Configuration file for CRS. See README.md for details

 SecRuleEngine On

 ## Uncomment the following 2 lines to enable auditing and put audit logs in /tmp/audit.log
 #SecAuditEngine On
 #SecAuditLog /tmp/audit.log

 # Uncomment the following 2 lines to enable debuging and put debug logs in /tmp/debug.log
 #SecDebugLog /tmp/debug.log
 #SecDebugLogLevel 9

 ## include CRS setup configuration and rules
 Include "crs-setup.conf"
 Include "rules/*.conf"

 # Remove rules checking response body
 SecRuleRemoveById 950130
 SecRuleRemoveById 950140
 SecRuleRemoveById 951100
 SecRuleRemoveById 951110
 SecRuleRemoveById 951120
 SecRuleRemoveById 951130
 SecRuleRemoveById 951140
 SecRuleRemoveById 951150
 SecRuleRemoveById 951160
 SecRuleRemoveById 951170
 SecRuleRemoveById 951180
 SecRuleRemoveById 951190
 SecRuleRemoveById 951200
 SecRuleRemoveById 951210
 SecRuleRemoveById 951220
 SecRuleRemoveById 951230
 SecRuleRemoveById 951240
 SecRuleRemoveById 951250
 SecRuleRemoveById 951260
 SecRuleRemoveById 952110
 SecRuleRemoveById 953100
 SecRuleRemoveById 953110
 SecRuleRemoveById 953120
 SecRuleRemoveById 954100
 SecRuleRemoveById 954110
 SecRuleRemoveById 954120
 SecRuleRemoveById 954130

 # Remove rules checking request body
 SecRuleRemoveById 920240
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.


	## Modsecurity Configuration file for CRS. See README.md for details

	SecRuleEngine On

	## Uncomment the following 2 lines to enable auditing and put audit logs in /tmp/audit.log
	#SecAuditEngine On
	#SecAuditLog /tmp/audit.log

	# Uncomment the following 2 lines to enable debuging and put debug logs in /tmp/debug.log
	#SecDebugLog /tmp/debug.log
	#SecDebugLogLevel 9

	## include CRS setup configuration and rules
	Include "crs-setup.conf"
	Include "rules/*.conf"

	# Remove rules checking response body
	SecRuleRemoveById 950130
	SecRuleRemoveById 950140
	SecRuleRemoveById 951100
	SecRuleRemoveById 951110
	SecRuleRemoveById 951120
	SecRuleRemoveById 951130
	SecRuleRemoveById 951140
	SecRuleRemoveById 951150
	SecRuleRemoveById 951160
	SecRuleRemoveById 951170
	SecRuleRemoveById 951180
	SecRuleRemoveById 951190
	SecRuleRemoveById 951200
	SecRuleRemoveById 951210
	SecRuleRemoveById 951220
	SecRuleRemoveById 951230
	SecRuleRemoveById 951240
	SecRuleRemoveById 951250
	SecRuleRemoveById 951260
	SecRuleRemoveById 952110
	SecRuleRemoveById 953100
	SecRuleRemoveById 953110
	SecRuleRemoveById 953120
	SecRuleRemoveById 954100
	SecRuleRemoveById 954110
	SecRuleRemoveById 954120
	SecRuleRemoveById 954130

	# Remove rules checking request body
	SecRuleRemoveById 920240