Disbale mod security for 1 site
Hi I am using apache 2.2 and mod security 2 with the default configs, my problem is that one site is using a php to call a jpg image but mod security keeps blocking it, I wanted to add the SecFilterEngine off to the htacess file but everytime I do it I get 500 internal server error for the whole site. Is there a way to disable mod security just for this site?
Thanks
Edit httpd.conf and add the following into site VirtualHost entry:
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Thanks a lot it works like a charm
This may get lost after cpanel updates. Please see the link below:
http://forums.cpanel.net/showthread....=mod_security2
After a while I have added the rule and now it doers not seem to work can anyone help me please? I addedd to one of my vhosts
<IfModule mod_security.c>
SecRuleEngine Off
</IfModule>
on /etc/httpd/conf/httpd.conf restarted apache but it is not working should I put in another place?
THANKS
Ok found the new code just put it in /etc/httpd/conf/httpd.conf before the </virtualhost> of the domain you want to disable it:
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Thanks
Blindly turning off mod_security entirely, even for one site, just because a rule triggers is for lack of a better word "stupid" to say the very least!
Don't turn off mod_security as that utterly defeats the point of having mod_security setup on your server in the first place! Subsequently, disabling one site leaves enough of a hole that the whole entire server may as well not have mod_security installed or enabled and may as well remove it entirely!
If you have a problem with a rule triggering, I suggest either rewrite the specific rule so that it doesn't trigger for that specific site or content or disable the offending rule (did you know you can disable individual rules?) and just that rule only --- leaving the rest of mod_security fully running!
LinkBack URL
About LinkBacks
Reply With Quote