The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disbale mod security for 1 site

Discussion in 'cPanel Developers' started by screege, Feb 3, 2008.

  1. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Hi I am using apache 2.2 and mod security 2 with the default configs, my problem is that one site is using a php to call a jpg image but mod security keeps blocking it, I wanted to add the SecFilterEngine off to the htacess file but everytime I do it I get 500 internal server error for the whole site. Is there a way to disable mod security just for this site?

    Thanks
     
  2. s.a.

    s.a. Active Member
    PartnerNOC

    Joined:
    Aug 16, 2007
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Toronto, Canada
    Edit httpd.conf and add the following into site VirtualHost entry:

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>
     
  3. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Thanks a lot it works like a charm
     
  4. elevenx

    elevenx Member
    PartnerNOC

    Joined:
    Oct 8, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
  5. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    After a while I have added the rule and now it doers not seem to work can anyone help me please? I addedd to one of my vhosts
    <IfModule mod_security.c>
    SecRuleEngine Off
    </IfModule>

    on /etc/httpd/conf/httpd.conf restarted apache but it is not working should I put in another place?

    THANKS
     
  6. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Ok found the new code just put it in /etc/httpd/conf/httpd.conf before the </virtualhost> of the domain you want to disable it:

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    Thanks
     
  7. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Blindly turning off mod_security entirely, even for one site, just because a rule triggers is for lack of a better word "stupid" to say the very least! :rolleyes:

    Don't turn off mod_security as that utterly defeats the point of having mod_security setup on your server in the first place! Subsequently, disabling one site leaves enough of a hole that the whole entire server may as well not have mod_security installed or enabled and may as well remove it entirely!

    If you have a problem with a rule triggering, I suggest either rewrite the specific rule so that it doesn't trigger for that specific site or content or disable the offending rule (did you know you can disable individual rules?) and just that rule only --- leaving the rest of mod_security fully running!
     
Loading...

Share This Page