ModSecurity Configuration with Apache2 on Debian/Ubuntu

Recommended default configuration file, /etc/modsecurity/modsecurity.conf, for use with the Malware.Expert rules.

modsecurity.conf

SecRuleEngine On
SecRequestBodyAccess On

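# Request body size limits: 12.5 MB with file uploads, 128 KB without
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072

# Bodies larger than 128 KB are buffered on disk instead of in memory
SecRequestBodyInMemoryLimit 131072

# When a body exceeds its limit, inspect only the part within the limit
# and let the transaction continue (the alternative, Reject, refuses it)
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial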

# Default action list for rules in phases 1 and 2: deny with HTTP 406 and log
SecDefaultAction "phase:1,deny,log,status:406"
SecDefaultAction "phase:2,deny,log,status:406"

SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000

SecCollectionTimeout 600

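# Temporary files, persistent collection data and intercepted uploads.
# /tmp is writable by every local user; a directory private to the
# web server user is the safer choice.
SecTmpDir /tmp/
SecDataDir /tmp/
SecUploadDir /tmp/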

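# Audit only relevant transactions: those that triggered a warning or error,
# or whose response status is 5xx or 4xx other than 404
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log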

SecArgumentSeparator &
SecCookieFormat 0
SecUnicodeMapFile unicode.mapping 20127
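
A quick review of the listing above, as an added example that is not part of the original page or the Malware.Expert rule set: it parses the directives, shows which response statuses the SecAuditLogRelevantStatus pattern sends to the audit log, and flags the partial body inspection and shared /tmp settings. The function names and the embedded sample are assumptions made for this example, and Python's `re` stands in for PCRE, which behaves the same for this pattern.

```python
import re
import shlex

# Constructed sample: a subset of the directives listed on this page.
SAMPLE_CONF = '''
SecRuleEngine On
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecDefaultAction "phase:2,deny,log,status:406"
SecTmpDir /tmp/
SecDataDir /tmp/
SecUploadDir /tmp/
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
'''

def parse_directives(text):
    """Return {directive: [argument lists]} for each non-comment line."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)  # shlex removes the surrounding quotes
        found.setdefault(name, []).append(args)
    return found

def audited_statuses(conf, statuses):
    """Statuses that SecAuditLogRelevantStatus selects for the audit log."""
    pattern = re.compile(conf["SecAuditLogRelevantStatus"][0][0])
    return [s for s in statuses if pattern.search(str(s))]

def review(conf):
    """Flag settings worth a second look before production use."""
    notes = []
    for d in ("SecRequestBodyLimitAction", "SecResponseBodyLimitAction"):
        if conf.get(d, [[None]])[0][0] == "ProcessPartial":
            notes.append(f"{d}: only the part of the body within the limit is inspected")
    for d in ("SecTmpDir", "SecDataDir", "SecUploadDir"):
        if conf.get(d, [[""]])[0][0].rstrip("/") == "/tmp":
            notes.append(f"{d}: /tmp is shared with every local user")
    return notes

if __name__ == "__main__":
    conf = parse_directives(SAMPLE_CONF)
    # 406 is the status set by SecDefaultAction, so blocked requests are audited.
    print(audited_statuses(conf, [200, 403, 404, 406, 500]))
    print("\n".join(review(conf)))
```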