File: //etc/cPMalScan/modsec2.cpmalscan.conf
# Audit-only rule: records form submissions (POST) to any path that ends in
# wp-login.php, i.e. WordPress sign-in attempts. The action is "pass", so the
# request is never blocked here; the rule only produces a log entry that can be
# used to spot brute-force or credential-stuffing activity.
# The path is URL-decoded, normalized and lowercased before the comparison, so
# encoded or mixed-case spellings of wp-login.php still match.
# NOTE(review): tx.domain is not set anywhere in this file; it is presumably
# populated by a rule loaded earlier. Confirm, otherwise the log entry cannot
# be attributed to a site.
SecRule REQUEST_FILENAME "@endsWith wp-login.php" \
    "id:700500,\
    phase:2,\
    pass,\
    log,\
    t:none,t:urlDecode,t:normalizePath,t:lowercase,\
    msg:'WordPress login attempt||%{tx.domain}',\
    rev:'1',\
    maturity:'1',\
    severity:'WARNING',\
    chain"
    SecRule REQUEST_METHOD "@rx ^POST$"
# Protects against RCE through CSRF in Magento (advisory DC-2017-04-003,
# Magento 2.1.6 and below): answers 403 to any request whose path contains
# /pub/media/tmp/catalog/product/_/h/, the location named in the rule message
# as holding the uploaded file.
# The path is URL-decoded, normalized and lowercased first, so the lowercase
# pattern also covers encoded and mixed-case variants. The pattern is not
# anchored, so it matches the directory anywhere in the path.
# ctl:RuleEngine=on switches the engine to blocking for the matching
# transaction, presumably so the deny still applies on hosts that run in
# DetectionOnly mode. Confirm that this override is intended.
# Additional info: http://www.defensecode.com/advisories/DC-2017-04-003_Magento_Arbitrary_File_Upload.pdf
SecRule REQUEST_FILENAME "@rx /pub/media/tmp/catalog/product/_/h/.*" \
    "id:700501,\
    msg:'Magento 2.1.6 and below access to uploaded file DC-2017-04-003||%{tx.domain}',\
    phase:2,\
    log,\
    deny,\
    status:403,\
    t:none,t:urlDecode,t:normalizePath,t:lowercase,\
    rev:'1',\
    maturity:'1',\
    severity:2,\
    ctl:RuleEngine=on"
# --- Request body handling ---------------------------------------------------
# Buffer and parse request bodies so phase-2 rules can see POST data and
# uploaded files; the FILES / FILES_TMPNAMES rules in this file depend on it.
SecRequestBodyAccess On
# Maximum total request body, uploads included: 134217728 bytes = 128 MiB.
SecRequestBodyLimit 134217728
# Maximum body size not counting uploaded file data: 1048576 bytes = 1 MiB.
SecRequestBodyNoFilesLimit 1048576
# Bodies larger than 131072 bytes (128 KiB) are spooled to disk instead of RAM.
SecRequestBodyInMemoryLimit 131072
# NOTE(review): both working directories point at /tmp, which is normally
# world-writable and shared with every other process on the host. ModSecurity's
# recommended configuration advises a private directory that only the web
# server user can access; intercepted uploads, including ones flagged as
# malware, are written here.
SecTmpDir /tmp
SecUploadDir /tmp
# Keep intercepted upload files only for transactions ModSecurity considers
# relevant. Kept files accumulate in SecUploadDir and need periodic cleanup.
SecUploadKeepFiles RelevantOnly
# NOTE(review): with ProcessPartial an over-limit body is not rejected; only
# the part within the limit is inspected and the request continues. Content
# beyond the limit therefore reaches the application without being seen by the
# upload inspection rules. "Reject" closes that gap at the cost of refusing
# oversized requests; decide which trade-off is intended.
SecRequestBodyLimitAction ProcessPartial
# --- Response body handling --------------------------------------------------
# Asks backends for uncompressed responses so bodies can be inspected; only
# meaningful when the server acts as a reverse proxy.
SecDisableBackendCompression On
# Buffer response bodies for inspection, limited to the MIME types below and
# to the first 524288 bytes (512 KiB); larger responses are inspected partially
# rather than blocked.
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
# Outbound stream inspection is left disabled.
#SecStreamOutBodyInspection On
# Debug log level 1 (errors only).
SecDebugLogLevel 1
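# Upload screening. Each rule hands its target to an external script through
# @inspectFile and treats a match as a rejected upload (HTTP 412).
#
# Both rules now carry an explicit "deny". Without a disruptive action of their
# own they inherit whatever SecDefaultAction is in effect, which is not visible
# in this file; if that default is "pass", the upload would only be logged even
# though the message says "Upload Blocked", and status:412 would have no
# effect. "t:none" is added so that no inherited transformation can alter the
# file name or temporary path before it is handed to the script.
# Blocking still requires the rule engine to be On (not DetectionOnly).
#
# NOTE(review): confirm how a script error or timeout is treated; if it counts
# as "no match", the check fails open.

# 700100: FILES holds the original, client-supplied file names. The script
# receives that name as its argument and must treat it as untrusted input.
SecRule FILES "@inspectFile /etc/cPMalScan/modsec_files.php" \
    "id:700100,\
    phase:2,\
    deny,\
    status:412,\
    log,\
    auditlog,\
    t:none,\
    msg:'Upload Blocked. File Extension not allowed. Contact System Administrator if you think this is an error'"

# 700101: FILES_TMPNAMES holds the paths of the temporary files ModSecurity
# wrote for each upload; the script scans the file content at that path.
# The duplicated "log" action of the original rule is dropped.
SecRule FILES_TMPNAMES "@inspectFile /etc/cPMalScan/modsec_scan.php" \
    "id:700101,\
    phase:2,\
    deny,\
    status:412,\
    log,\
    auditlog,\
    t:none,\
    msg:'Upload Blocked due to Malware Content. Contact System Administrator if you think this is an error'"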