The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How can i disable mod_secure for one single domain ?

Discussion in 'General Discussion' started by duranduran, Jan 31, 2008.

  1. duranduran

    duranduran Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    How can i disable mod_secure for one single domain ?
    Editing the .htaccess file in public_html ? (i have suphp instaled)
     
  2. duranduran

    duranduran Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Fix

    Put this in the .htaccess file:


    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>
     
  3. duranduran

    duranduran Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I suspect that what you're trying to do is prevent mod_security from a false hit on a particular domain, right?

    If so, there are much better solutions that will save you a lot of time. What I suspect you really want to do is to exclude a particular rule. If you just turn mod_security off for the whole account you're asking for trouble in the future. (and even this isn't a great technique, read on for a server-wide solution).

    A particular rule can be turned off by adding an id on the end of a rule:

    Code:
    SecFilterSelective "xmlrpc" "id:1001"
    Then, in your .htaccess file for the account with the problem you add:

    Code:
    <Location /administrator/>
       SecFilterRemove 1001
    </Location>
    However, a better approach might be to check out why the rule is failing and solve it server-wide. This fulfils the principle of "doing it once for all" in system administration, rather than going for point fixes each time and having to spend lots of time chasing your tail with that. For example, you could use an allow rule that explicitly matched the pattern used by Joomla:

    Code:
    # disable attempts to get into xmlrpc 7 Jul 2004 - xml rpc exploits
      # Joomla 1.5 exception May 2008...
       SecFilterSelective POST_PAYLOAD "&xmlrpc_server" allow
       SecFilter "xmlrpc"
       SecFilter "xml_rpc"
    
    What this does is allow the Joomla 1.5 use of xmlrpc and catch it everywhere else. (NOTE: this xmlrpc rule is a little extreme, there might be friendlier versions out there! Also NOTE: don't copy this pattern now I've published it!)

    Ivan Ristic, the author of the book "Apache Security", has written some great tutorials which are available at OnLamp - I based this post on this article amongst others:
    http://www.onlamp.com/pub/a/apache/2005/12/01/modsecurity.html
     
Loading...

Share This Page