Recipe 5-1: Request Body Access
This recipe shows you how to configure ModSecurity to gain access to various types of request body content.
Ingredients
- Libxml2 module1
- ModSecurity
- SecRequestBodyAccess directive
- SecRequestBodyLimit directive
- SecRequestBodyNoFilesLimit directive
- SecRequestBodyInMemoryLimit directive
- SecRequestBodyLimitAction directive
- ctl:requestBodyProcessor action
- ctl:forceRequestBodyVariable action
Basic Directives
By default, ModSecurity does not access, process, or analyze request body content. This poses serious issues with regard to false negatives, because attackers can easily evade detection by sending their attacks in POST body parameters. To gain insight into request bodies, you must configure a few ModSecurity directives. Here is a sample listing:
# -- Request body handling ----------------------------------------- # Allow ModSecurity to access request bodies. If you don't, # ModSecurity won't be able to see any POST parameters, which opens # a large security hole for attackers to exploit. # SecRequestBodyAccess On # Maximum request body size we will accept for buffering. If you # support file uploads then the value given on the first line has to # be as large as the largest file you are willing to accept. The # second value refers to the size of data, with files excluded. You # want to keep that value as low as practical. # SecRequestBodyLimit 13107200 SecRequestBodyNoFilesLimit 131072 # Store up to 128 KB of request body data in memory. When ...Get Web Application Defender's Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
