Discussion
If you need to create your own custom rules, do not change the asl*conf files. These files will be overwritten by updates.
The string "asl" in a filename is also reserved. Do not give custom files a name containing "asl" (for example, 99_asl_custom.conf); such a file may be overwritten or deleted by the rule management system.
Rule Ids for custom rules
For custom rules, you must create your own rule IDs, and each one must be unique. The rule ID is set in the id: field of the rule. Custom rules should use the local (internal) use range (see the reserved ID ranges below). Do not use assigned ranges.
These are the reserved ranges:
* 1-99,999; reserved for local (internal) use. Use as you see fit but do not use this range for rules that are distributed to others.
* 100,000-199,999; reserved for internal use of the engine, to assign to rules that do not have explicit IDs. (deprecated, all rules require assigned ids in 2.7.x and up)
* 200,000-299,999; reserved for rules published at modsecurity.org.
* 300,000-399,999; reserved for rules published by atomicorp.com.
* 400,000-419,999; unused (available for reservation).
* 420,000-429,999; reserved for ScallyWhack.
* 430,000-699,999; unused (available for reservation).
* 700,000-799,999; reserved for Ivan Ristic.
* 900,000-999,999; reserved for the Core Rules project.
* 1,000,000 and above; unused (available for reservation).
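A pre-deployment check for the naming and ID rules above, as an added example (not part of the original page or Atomicorp's tooling): it scans custom rule files for id: values outside the local range 1-99,999, for duplicate ids, and for "asl" in the filename. The function names and the sample rules are constructed for illustration.

```python
import re
import sys
from pathlib import Path

LOCAL_RANGE = range(1, 100_000)  # 1-99,999: reserved for local (internal) use
# Matches id:1234 or id:'1234' in a rule's action list, but not e.g. "uid:".
ID_RE = re.compile(r"""(?<![\w-])id\s*:\s*['"]?(\d+)""")

def rule_ids(text):
    """Yield (line_number, rule_id) for every id: action outside comments."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        for match in ID_RE.finditer(line):
            yield lineno, int(match.group(1))

def check_rules(files):
    """files maps filename -> contents. Returns a list of problem strings."""
    problems, seen = [], {}
    for name, text in sorted(files.items()):
        if "asl" in Path(name).name.lower():
            problems.append(f"{name}: 'asl' in filename is reserved")
        for lineno, rid in rule_ids(text):
            where = f"{name}:{lineno}"
            if rid not in LOCAL_RANGE:
                problems.append(f"{where}: id {rid} is outside the local range 1-99999")
            if rid in seen:
                problems.append(f"{where}: id {rid} already used at {seen[rid]}")
            else:
                seen[rid] = where
    return problems

# Constructed sample rule files (not from the original page).
SAMPLE = {
    "99_zzz_custom.conf": (
        '# id:300001 in a comment is ignored\n'
        'SecRule REQUEST_URI "@contains /private" "id:10001,phase:1,deny,status:403"\n'
        'SecRule REQUEST_URI "@contains /backup" "id:300500,phase:1,deny,status:403"\n'
        'SecRule ARGS "@contains test" "id:10001,phase:2,pass,log"\n'
    ),
    "99_asl_custom.conf": 'SecRule REQUEST_URI "@contains /old" "id:10002,phase:1,deny"\n',
}

if __name__ == "__main__":
    paths = sys.argv[1:]
    files = {p: Path(p).read_text() for p in paths} if paths else SAMPLE
    for problem in check_rules(files):
        print(problem)
```

Run it with the paths of your custom rule files as arguments; with no arguments it checks the constructed sample and reports the reserved filename, the out-of-range id, and the duplicate id.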
Installing custom rules
Linux
Apache
Step 1) Create your custom rules directory:
mkdir /etc/httpd/modsecurity.custom.d
Step 2) Create a configuration file for your custom rules in the /etc/httpd/conf.d directory. For example:
Create the file 01_modsecurity.conf and add this line to it:
Include modsecurity.custom.d/99_zzz_custom.conf
You can download an example file from the URL below that will do this:
And add 01_modsecurity.conf to this directory:
/etc/httpd/conf.d
If you have wget installed on your system, the following commands will do this automatically for you:
cd /etc/httpd/conf.d
wget https://www.atomicorp.com/examples/01_modsecurity.conf
Note: If you are using a control panel that does not follow the file system standards for Linux, such as cPanel, you will need to add these files to different locations on your system. Please contact your control panel vendor for assistance.
Step 3) Install your custom rules in the /etc/httpd/modsecurity.custom.d directory
cd /etc/httpd/modsecurity.custom.d
Then edit the file 99_zzz_custom.conf and put in your custom rules.
You can also download an example custom rule file by running these commands:
cd /etc/httpd/modsecurity.custom.d
wget https://www.atomicorp.com/examples/99_zzz_custom.conf
Step 4) Test your Apache configuration:
service httpd configtest
If you have any errors, do not restart Apache. You will need to correct these errors or Apache will not start.
Step 5) If your test was successful, restart Apache:
service httpd restart
Our professional services group would be happy to help you with your custom rules needs, including developing the rules for you. If your request is something that we can safely include in the rules for all our customers, we're generally able to develop these new rules for free. Please contact us to discuss your rules needs.
Windows
IIS
Step 1) Modify your ModSecurity configuration file on Windows and add this line to the end of your configuration. For example:
Include 99_zzz_custom.conf
Step 2) Create the file 99_zzz_custom.conf and save it in the same directory as your ModSecurity configuration file.
Step 3) Restart IIS.