The Community Forums


how to exclude mod_security

Discussion in 'Security' started by richenou, Dec 31, 2007.

  1. richenou

    richenou Well-Known Member
    PartnerNOC

    Joined:
    Feb 17, 2004
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    6
    hi
    how to exclude a site from mod_security rules in apache 2?
    with .htaccess?

    thanks
     
  2. richenou

    Here is the log; the site runs SPIP:



    [31/Dec/2007:11:57:42 +0100]
    Pattern match "iframe\\x20" at REQUEST_LINE.

    [31/Dec/2007:11:57:42 +0100] 6dnb2cEiEcQAAC6cOa8AAAAC 82.124.31.222 60101 193.34.17.196 80
    --afd04315-B--
    GET /ecrire/?exec=iconifier&type=id_article&id_article=277&script=articles&iframe=iframe HTTP/1.1
    Accept: */*
    Referer: http://www.free-xxx.com/ecrire/?exec=articles&id_article=277
    Accept-Language: fr
    UA-CPU: x86
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
    Host: www.free-xxxx.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: spip_accepte_ajax=1; __qca=1199060222-25673677-48201742; __qcb=1456048064; __utma=122799964.2024313330.1199096419.1199096419.1199098639.2; __utmb=122799964.1; __utmc=122799964.1; __utmz=122799964.1199096419.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); spip_session=1_c11fce5bcaef31a92d18a7e7332fdbf2; spip_admin=%40mattos19

    --afd04315-F--
    HTTP/1.1 406 Not Acceptable
    Content-Length: 390
    Keep-Alive: timeout=15, max=57
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1

    --afd04315-H--
    Message: Access denied with code 406 (phase 2). Pattern match "iframe\\x20" at REQUEST_LINE.
    Action: Intercepted (phase 2)
    Stopwatch: 1199098662869977 1013 (630 854 -)
    Producer: ModSecurity v2.1.4 (Apache 2.x)
    Server: Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.25 PHP/5.2.4
     
  3. richenou

    I added in the .htaccess file:


    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>
     
  4. madan.cpanelnet

    madan.cpanelnet Well-Known Member

    Joined:
    Apr 1, 2006
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    INDIA
    Only the following should be enough in .htaccess ...........

    SecFilterEngine Off
    SecFilterScanPOST Off
     
  5. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    If you use "rule numbers" in your mod_security config you can actually specify which rule numbers are not to be run on a certain directory, rather than simply turning it off completely, which could prove risky as time goes on.
     
  6. Bailey

    Bailey Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    120
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Wisconsin
    brianoz, I have wondered if this was possible ... that would be perfect ... any chance you have an example of how to do that exactly? Pretty please??? :D

    :D Bailey
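
Added example, not part of any post in this thread and not cPanel's own configuration: removing one rule by id for one directory under ModSecurity 2.x (the version shown in the posted log), next to the broader engine-off setting. The rule id 1000001, the msg text and the /ecrire/ scoping are assumptions; the logged rule shows no id, so one has to be assigned before it can be removed by number. SecFilterEngine and SecFilterScanPOST are ModSecurity 1.x directives; the 2.x engine switch is SecRuleEngine.

```apache
# Added example for ModSecurity 2.x. The id, msg and placement are assumptions.

# The rule as it might appear in the main rule set. Pattern, variable, phase
# and status are taken from the posted audit log; the id is a constructed
# placeholder, because removal by id needs the rule to carry one.
SecRule REQUEST_LINE "iframe\x20" \
    "phase:2,deny,status:406,id:1000001,msg:'iframe in request line'"

# Broad setting, shown commented out: every rule is skipped for the SPIP
# admin area, not only the one that misfires on "&iframe=iframe HTTP/1.1".
#<LocationMatch "^/ecrire/">
#    SecRuleEngine Off
#</LocationMatch>

# Narrow setting: only rule 1000001 is removed, and only under /ecrire/.
# All other rules keep inspecting requests to this path.
# SecRuleRemoveById must come after the SecRule it refers to; place this
# block in the site's VirtualHost in the server configuration.
<LocationMatch "^/ecrire/">
    SecRuleRemoveById 1000001
</LocationMatch>
```

After reloading Apache, a repeat of the logged request should no longer produce the 406, while the audit log still records hits from other rules on the same path.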
     