Hi, I have read and searched and read and searched, but nothing. I am getting tons of errors with mod_security. Here are two of the most common: one is from chirpy's way to the web email script and the second is from php ads (now open ads):
grep lanets.net /usr/local/apache/logs/error_log
[Tue Dec 18 22:58:56 2007] [error] [client 189.135.227.243] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}? ..." at REQUEST_HEADERS:Cookie. [id "950006"] [msg "System Command Injection. Matched signature <; passwd>"] [severity "CRITICAL"] [hostname "www.lanets.net"] [uri "/cgi-bin/email/umm.cgi"] [unique_id "gLMBtUU7HM0AAFNYMGEAAAAD"]
and also with this:
[Tue Dec 18 23:00:01 2007] [error] [client 69.59.28.205] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "ads.lanets.net"] [uri "/php/maintenance/maintenance.php"] [unique_id "hIlb90U7HM0AAFOWLwUAAAAB"]
I only loaded the default config; mod security 1 never gave me a problem.
Thanks in advance to whoever can help me.







