  1. #1
    Join Date
    May 2004
    Location
    Pflugerville, TX
    Posts
    11,222

    mod_security: I just can't find the setting...

    Hi everyone,

    I'm having some difficulty finding a setting that should be so easy and obvious, but I'm not seeing it in the configuration file nor within the interface we have installed in WHM. I must have overlooked it in the mod_security documentation, because it's not jumping out at me there either.

    So, where do you set up mod_security so individual accounts can override it via .htaccess? Even better, can the "allow override" setting be applied on a per-account basis? I would prefer instructions for adjusting this through WHM, only because cPanel occasionally pitches a fit if you change settings manually, but if this isn't possible, editing the .conf file directly would be just fine.

    I'm very new to mod_security (and my server administration knowledge is limited, though a simple setting change shouldn't be out of my grasp), so thank you in advance for your patience.

    Paul
    Studio1337 Web Design

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    I'm going to assume you're referring to mod_security v1, in which case the user has to put the following in an .htaccess file under their public_html directory:

    SecFilterEngine Off
    SecFilterScanPOST Off


    To my knowledge there is no way to "whitelist" an entire domain from the mod_security v1 configuration files, but if you're using Apache 2 and mod_security v2 then the following will work:

    SecRule SERVER_NAME "domain.com" phase:1,nolog,allow,ctl:ruleEngine=off

    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  3. #3
    Join Date
    May 2004
    Location
    Pflugerville, TX
    Posts
    11,222
    Hi Pat,

    Thanks for the info. This server is indeed running Apache 2. I'll give that line a try and report back if anything is problematic.

    Thanks again!

    Paul
    Studio1337 Web Design

  4. #4
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    I should also mention that the last line has to go before the </IfModule> at the top of the configuration file.

    Example:

    <IfModule mod_security2.c>
    SecRuleEngine On
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug_log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
    SecRule REMOTE_ADDR "^127.0.0.1$" nolog,allow
    SecRule SERVER_NAME "domain.com" phase:1,nolog,allow,ctl:ruleEngine=off
    </IfModule>

    (domain.com being the local domain you want to disable mod_security for...)
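
An added example, not part of the thread: a small Python check of which host names the posted rule would exempt. The rule uses ModSecurity's default operator, an unanchored regular expression, against SERVER_NAME, which ModSecurity takes from the request, so "domain.com" matches more than the one site. Python's `re` stands in for PCRE here, and the tightened rule and sample host names are constructed for illustration.

```python
import re

# Rule as posted in the thread.
POSTED = 'SecRule SERVER_NAME "domain.com" phase:1,nolog,allow,ctl:ruleEngine=off'
# Constructed comparison: anchored, dots escaped, optional "www." (an assumption).
TIGHTENED = (r'SecRule SERVER_NAME "^(www\.)?domain\.com$" '
             'phase:1,nolog,allow,ctl:ruleEngine=off')

# Constructed Host values; only the first two belong to the exempted site.
SAMPLE_HOSTS = [
    "domain.com", "www.domain.com", "mydomain.com",
    "domain.com.example.net", "domainxcom.example.org", "other.example",
]

# SecRule VARIABLE "OPERATOR" ACTIONS (actions may or may not be quoted)
RULE_RE = re.compile(r'^\s*SecRule\s+(\S+)\s+"([^"]*)"\s+"?([^"\s]+)"?\s*$')


def bypass_pattern(line):
    """Return the regex of a SERVER_NAME rule that switches the engine off, else None."""
    m = RULE_RE.match(line)
    if not m or m.group(1) != "SERVER_NAME":
        return None
    actions = [a.strip().lower() for a in m.group(3).split(",")]
    if "ctl:ruleengine=off" not in actions:
        return None
    pattern = m.group(2)
    if pattern.startswith("@"):
        raise ValueError("only the default regex operator is handled here")
    return pattern


def exempted_hosts(line, hosts):
    """List the hosts for which the rule would turn rule processing off."""
    pattern = bypass_pattern(line)
    if pattern is None:
        return []
    rx = re.compile(pattern)  # unanchored search, like the default regex operator
    return [h for h in hosts if rx.search(h)]


if __name__ == "__main__":
    for name, rule in (("posted", POSTED), ("tightened", TIGHTENED)):
        print(name, "->", exempted_hosts(rule, SAMPLE_HOSTS))
```

With the posted pattern, five of the six sample hosts have rule processing switched off; with the anchored pattern only the two intended names do.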
