SecRuleEngine Off
SecRequestBodyAccess On
SecResponseBodyAccess Off
#SecDebugLog /var/log/modsecurity/debug.log
SecDebugLogLevel 0
SecAuditLogParts ABIJ
SecAuditLogType Serial
#SecAuditLog /var/log/modsecurity/audit.log

# SQL Injection protection
SecRule ARGS "(?i)(union(\s+all)?\s+select|select\s+.*\s+from|insert\s+into|update\s+.*\s+set|delete\s+from|drop\s+table|or\s+1=1|--|#|/\*|\*/|\bexec\b|\bexecute\b)" \
    "id:950001,phase:2,deny,status:403,msg:'SQL Injection Attack Detected',log"

# XSS / HTML Injection protection
SecRule ARGS "(?i)(<script|javascript:|on\w+=|<img|<svg|<iframe|<object|<embed|<form|<input|%3c|%3e|%22|%27|%60)" \
    "id:950003,phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log"

# Remote File Inclusion protection
SecRule ARGS "(?i)(https?|ftp)://" \
    "id:950005,phase:2,deny,status:403,msg:'Remote File Inclusion Attempt',log"

# Command Injection protection
SecRule ARGS "(?i)(;|&&|\|\||\$\(|\`|\bexec\b|\bcmd\b|\bsystem\b)" \
    "id:950006,phase:2,deny,status:403,msg:'Command Injection Detected',log"

# Path Traversal protection
SecRule ARGS "(\./|\.\./)" \
    "id:950007,phase:2,deny,status:403,msg:'Path Traversal Attempt',log"