Appendix A. Directives and Variables


This section contains a list of the directives available for use in your ModSecurity configuration file. These directives can be used in the main Apache configuration file, but as we have seen in previous chapters, placing your ModSecurity directives in a separate file is recommended as this makes it much easier to maintain your configuration.


SecAction lets you unconditionally execute actions. This essentially makes it a SecRule statement without the conditional part.

Syntax: SecAction action1,action2,action3
Example: SecAction setuid:%{REMOTE_USER},nolog


Specifies which character to use as a separator in forms and other content that uses the MIME type application/x-www-form-urlencoded ...

Get ModSecurity 2.5 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.