Update modsecurity.conf file for IIS build

Author: victorhora

iis/wix/modsecurity.conf

@@ -20,7 +20,7 @@ SecRequestBodyAccess On
 # Enable XML request body parser.
 # Initiate XML Processor in case of xml content-type
 #
-SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
      "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
 
 # Enable JSON request body parser.
@@ -40,7 +40,7 @@ SecRequestBodyLimit 13107200
 SecRequestBodyNoFilesLimit 131072
 
 # Store up to 128 KB of request body data in memory. When the multipart
-# parser reachers this limit, it will start using your hard disk for
+# parser reaches this limit, it will start using your hard disk for
 # storage. That is slow, but unavoidable.
 #
 SecRequestBodyInMemoryLimit 131072
@@ -110,7 +110,7 @@ SecRule TX:/^MSC_/ "!@streq 0" \
 # Do keep in mind that enabling this directive does increases both
 # memory consumption and response latency.
 #
-#SecResponseBodyAccess On
+SecResponseBodyAccess On
 
 # Which response MIME types do you want to inspect? You should adjust the
 # configuration below to catch documents but avoid static files
@@ -151,7 +151,7 @@ SecDataDir c:\inetpub\temp\
 # location must be private to ModSecurity. You don't want other users on
 # the server to access the files, do you?
 #
-#SecUploadDir /opt/modsecurity/var/upload/
+#SecUploadDir c:\inetpub\temp\
 
 # By default, only keep the files that were determined to be unusual
 # in some way (by an external inspection script). For this to work you
@@ -171,7 +171,7 @@ SecDataDir c:\inetpub\temp\
 # The default debug log configuration is to duplicate the error, warning
 # and notice messages from the error log.
 #
-#SecDebugLog /opt/modsecurity/var/log/debug.log
+#SecDebugLog c:\inetpub\temp\debug.log
 #SecDebugLogLevel 3
 
 
@@ -181,17 +181,17 @@ SecDataDir c:\inetpub\temp\
 # trigger a server error (determined by a 5xx or 4xx, excluding 404,  
 # level response status codes).
 #
-#SecAuditEngine RelevantOnly
-#SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+SecAuditEngine RelevantOnly
+SecAuditLogRelevantStatus "^(?:5|4(?!04))"
 
 # Log everything we know about a transaction.
-#SecAuditLogParts ABIJDEFHZ
+SecAuditLogParts ABIJDEFHZ
 
 # Use a single file for logging. This is much easier to look at, but
 # assumes that you will use the audit log only ocassionally.
 #
-#SecAuditLogType Serial
-#SecAuditLog c:\inetpub\log\modsec_audit.log
+SecAuditLogType Serial
+SecAuditLog c:\inetpub\log\modsec_audit.log
 
 # Specify the path for concurrent audit logging.
 #SecAuditLogStorageDir c:\inetpub\log\
@@ -216,8 +216,7 @@ SecCookieFormat 0
 # to properly map encoded data to your language. Properly setting
 # these directives helps to reduce false positives and negatives.
 #
-#SecUnicodeCodePage 20127
-#SecUnicodeMapFile unicode.mappinga
+SecUnicodeMapFile unicode.mapping 20127
 
 # Improve the quality of ModSecurity by sharing information about your
 # current ModSecurity version and dependencies versions.