From Fedora Project Wiki
I'm going to document mod_security setup.
- yum install mod_security
- mkdir /var/lib/httpd/mod_security
- add SecDataDir /var/lib/httpd/mod_security to /etc/httpd/modsecurity.d/modsecurity_localrules.conf
In my test this removed all messages from the error log in apache. I would recommend that we add the following configuration directives to put the logging in their own files in modsecurity_localrules.conf:
SecAuditLog logs/modsec_audit.log
Ok, so I got my proxy fully set up so I can now post through my proxy. I've updated the mod_security configuration to be:
# Drop your local rules in here. SecDataDir /var/lib/httpd/mod_security SecAuditEngine RelevantOnly SecAuditLog logs/modsec_audit.log SecAuditLogParts ABCFHZ SecAuditLogStorageDir /var/lib/httpd/modsec_logs SecAuditLogType Concurrent SecDebugLog /var/lib/httpd/modsec_logs/modsec_debug.log SecDebugLogLevel 0