ModSecurity™ Configuration

Configure Global Directives

Info: ModSecurity is not enabled on your server. You cannot set global configuration properties with ModSecurity disabled. Please refer to this document on how to install ModSecurity.
This interface allows you to configure a number of global settings for ModSecurity™. For more information about each supported directive, you can review additional details using the links provided with each directive.
Error: false
Success: You have successfully saved your ModSecurity™ settings.
SecAuditEngine
This setting controls the behavior of the audit engine.
Recommended
Debug Only Security Alert: We strongly recommend that you do not select this option. This option causes Apache to log every transaction, including your users’ and clients’ private data. The resulting log files will fill your system’s file partitions quickly.
SecAuditEngine
This setting controls the behavior of the audit engine.
If the “SecAuditEngine” directive does not appear in “modsec2.conf”, its default value is “Off”.

SecConnEngine
This setting controls the behavior of the connections engine.
SecConnEngine
This setting controls the behavior of the connections engine.
If the “SecConnEngine” directive does not appear in “modsec2.conf”, its default value is “Off”.

SecRuleEngine
This setting controls the behavior of the rules engine.
SecRuleEngine
This setting controls the behavior of the rules engine.
If the “SecRuleEngine” directive does not appear in “modsec2.conf”, its default value is “Off”.

SecDisableBackendCompression
Disables backend compression while leaving the frontend compression enabled.
SecDisableBackendCompression
Disables backend compression while leaving the frontend compression enabled.
If the “SecDisableBackendCompression” directive does not appear in “modsec2.conf”, its default value is “Off”.

SecGeoLookupDb
Specify a path for the geolocation database.
SecGeoLookupDb
Specify a path for the geolocation database.
If the “SecGeoLookupDb” directive does not appear in “modsec2.conf”, its default value is “”.

SecGsbLookupDb
Specify a path for the Google Safe Browsing Database.
SecGsbLookupDb
Specify a path for the Google Safe Browsing Database.
If the “SecGsbLookupDb” directive does not appear in “modsec2.conf”, its default value is “”.

SecGuardianLog
Specify an external program to pipe transaction log information to for additional analysis. The syntax is analogous to the .forward file, in which a pipe at the beginning of the field indicates piping to an external program.
SecGuardianLog
Specify an external program to pipe transaction log information to for additional analysis. The syntax is analogous to the .forward file, in which a pipe at the beginning of the field indicates piping to an external program.
If the “SecGuardianLog” directive does not appear in “modsec2.conf”, its default value is “”.

SecHttpBlKey
Specify a Project Honey Pot API Key for use with the @rbl operator.
SecHttpBlKey
Specify a Project Honey Pot API Key for use with the @rbl operator.
If the “SecHttpBlKey” directive does not appear in “modsec2.conf”, its default value is “”.

SecPcreMatchLimit
Define the match limit of the Perl Compatible Regular Expressions library.
SecPcreMatchLimit
Define the match limit of the Perl Compatible Regular Expressions library.
If the “SecPcreMatchLimit” directive does not appear in “modsec2.conf”, its default value is “1500”.

SecPcreMatchLimitRecursion
Define the match limit recursion of the Perl Compatible Regular Expressions library.
SecPcreMatchLimitRecursion
Define the match limit recursion of the Perl Compatible Regular Expressions library.
If the “SecPcreMatchLimitRecursion” directive does not appear in “modsec2.conf”, its default value is “1500”.