Reference Manual: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecUploadDir<https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecResponseBodyLimit> https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecUploadKeepFiles https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecUploadFileMode
Current setting: # -- File uploads handling configuration ------------------------------------- # The location where ModSecurity stores intercepted uploaded files. This # location must be private to ModSecurity. You don't want other users on # the server to access the files, do you? # #SecUploadDir /opt/modsecurity/var/upload/ # By default, only keep the files that were determined to be unusual # in some way (by an external inspection script). For this to work you # will also need at least one file inspection rule. # #SecUploadKeepFiles RelevantOnly # Uploaded files are by default created with permissions that do not allow # any other user to access them. You may need to relax that if you want to # interface ModSecurity to an external program (e.g., an anti-virus). # #SecUploadFileMode 0600 Rationale: The default for file upload directives is to have them commented out. If you want to enable the capability of saving uploaded files, then you must uncomment them and set the appropriate path location for the SecUploadDir. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
