modsecurity Problem

It really depends....

It really depends on what ruleset you have that's blocking the action. What is the log saying , what rule is triggering this? check /etc/httpd/logs/audit_log and error_log

 

You can disable mod_security for a site in particular by adding this to their public_html/.htaccess file:

SecFilterEngine off

This turns off mod_security entirely for one site.

 

I disable the ability for mod_security to be controlled through .htaccess files. Otherwise, end users can just disable mod_security on their account and whatever ruleset you have in place will not apply to their account. This means, if they want to upload and run web exploits they can do so by just disabling mod_security in their .htaccess file.

One solution I found was to always use ID's in my mod_security rules. So you might formulate this specific rule as:

SecFilter "rootdir" id:1001,deny,log,status:406

For some reason I found you always have to include the ,deny,log,status:406 part into the rule. When adding an id the SecFilterDefaultAction does not seem to apply. This may have been something of my own doing, some setting I'm missing somewhere, or it may have just been in an old version of mod_security. At any rate, I always set up rules with a unique id.

Now in the httpd.conf file, in that account's particular VirualHost entry I can add the lines:

<IfModule mod_security.c>
<Location /path>
SecFilterRemove 1001
</Location>
</IfModule>

This removes the rootdir ruleset from being applied to any file accessed under the /path folder in that particular VirtualHost. The other mod_security rules still apply and rootdir will still get caught in directories that are not under the /path folder.

Hope this helps.