Reference Manual:
https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDataDir
https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecTmpDir

Current setting:

# -- Filesystem configuration ------------------------------------------------

# The location where ModSecurity stores temporary files (for example, when
# it needs to handle a file upload that is larger than the configured limit).
#
# This default setting is chosen due to all systems have /tmp available however,
# this is less than ideal. It is recommended that you specify a location that's private.
#
SecTmpDir /tmp/

# The location where ModSecurity will keep its persistent data. This default setting
# is chosen due to all systems have /tmp available however, it
# too should be updated to a place that other users can't access.
#
SecDataDir /tmp/

Rationale: These default settings were chosen due to /tmp being available on all systems; however, from a security perspective you should update these settings to point to restricted locations where only Apache has access.

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
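
A way to check a configuration against the recommendation above, as an added example that is not part of the original message or the ModSecurity project: it reads SecTmpDir and SecDataDir from configuration text and reports any directory that other users can reach or that is not owned by the expected account. The function names, the expected_uid parameter and the demo directories are assumptions, and taking the last uncommented occurrence of a directive is a simplification.

```python
import os
import re
import stat
import tempfile

# Directives from the post whose target directories should be private to Apache.
DIRECTIVES = ("SecTmpDir", "SecDataDir")
LINE_RE = re.compile(r'^\s*(%s)\s+"?([^"\s]+)"?\s*$' % "|".join(DIRECTIVES), re.I)


def parse_dirs(conf_text):
    """Return {directive: path}; the last uncommented occurrence is taken."""
    found = {}
    for line in conf_text.splitlines():
        m = LINE_RE.match(line)  # comment lines start with '#' and never match
        if m:
            canonical = next(d for d in DIRECTIVES if d.lower() == m.group(1).lower())
            found[canonical] = m.group(2)
    return found


def audit(conf_text, expected_uid):
    """List (directive, path, problem) for directories that are not private."""
    findings = []
    for name, path in sorted(parse_dirs(conf_text).items()):
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((name, path, "cannot stat: %s" % exc.strerror))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISDIR(st.st_mode):
            findings.append((name, path, "not a directory"))
        elif mode & stat.S_IRWXO:  # any read/write/search bit for "other"
            findings.append((name, path, "open to other users (mode %04o)" % mode))
        if st.st_uid != expected_uid:
            findings.append((name, path, "owner uid %d, expected %d" % (st.st_uid, expected_uid)))
    return findings


if __name__ == "__main__":
    # Constructed demo: one shared directory (mode 1777, like /tmp) and one private.
    with tempfile.TemporaryDirectory() as base:
        shared, private = os.path.join(base, "shared"), os.path.join(base, "private")
        for path, mode in ((shared, 0o1777), (private, 0o700)):
            os.mkdir(path)
            os.chmod(path, mode)
        conf = "# SecTmpDir /ignored\nSecTmpDir %s/\nSecDataDir %s\n" % (shared, private)
        for finding in audit(conf, os.getuid()):
            print("%s %s: %s" % finding)
```

For a real deployment, pass the uid of the account Apache runs as instead of os.getuid().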
