bsasninja

Well-Known Member
Sep 2, 2004
527
0
166
I have some rules in mod_security but they are making trouble with a webmail system. How do I disable mod_security for that domain?? which is the line I should add to the virtual host at httpd.conf ??

Help will be appreciated.

Thanks!!
 

tweakservers

Well-Known Member
Mar 30, 2006
379
0
166
as far as you may concern, mod_security is loaded at Apache and compiled into and there's no option of disabling it per domain at the moment.
 

simplybe

Well-Known Member
Nov 29, 2002
153
0
166
htaccess can turn it off for a domain. add

<IfModule mod_security.c>
# Turn off mod_security filtering.
SecFilterEngine Off

# The below probably isn't needed.
SecFilterScanPOST Off
</IfModule>

to their htaccess file, although it would be better to fix the rules if they are breaking webmail rather than leaving a domain un protected.

You can add eclusions to mode sec, check the logs and see what is causing the problem and either remove the rule or add an exlusion for the script that is having problems.

eg
###########################################
#script exclusions
###########################################
<LocationMatch "myscript.php">
SecFilterInheritance Off
</LocationMatch>
 

ramprage

Well-Known Member
Jul 21, 2002
651
0
166
Canada
While this works, for a production environment mod_security should be compiled in with the option to not allow users to alter it with .htaccess.

Instead the rules should be corrected or whitelist the user in httpd.conf
 

kuwaitnt

Well-Known Member
Oct 13, 2003
75
0
156
While this works, for a production environment mod_security should be compiled in with the option to not allow users to alter it with .htaccess.

Instead the rules should be corrected or whitelist the user in httpd.conf

how can we do it ??

manual or from easyapache ?

if manual can we know how ?