Results 1 to 4 of 4
  1. #1

    whm - Modsecurity in Apache 2 (SecFilterEngine Off broken?)

    Updating some of my apache 1.3 servers to 2.2 and compiling mod_security into apache this time around.

    Many accounts were using SecFilterEngine Off directive in .htaccess to bypass modescurity (SMF forums for example do it by default).

    This worked on apache 1.3 when modsec was loaded as an outside module.. now that it's integrated into apache, how do you specify in .htaccess to disable it?
    Ken O. TKO

  2. #2
    Join Date
    Nov 2005
    With the newest mod_security (2), you can't disable engine using .htaccess. You need to add the following lines in httpd.conf for the specific virtualhost:

    <IfModule mod_security2.c>
    SecRuleEngine Off
    Mellowhost - Providing High Quality Web Hosting Services since 2007
    SSD Cpanel Shared, SSD OpenVZ & KVM VPS Hosting
    A Hosting Provider with Complete SSD VPS & Shared Hosting.

  3. #3
    Right, you need to remove the old Mod_Security rules from all the .htaccess files and have to place them in the VirtualHost of the domains in the Apache configuration file as "mellow-h" said.

    Whatever rules you need to apply for an account, for a directory OR for a file will all go down in the VirtualHost of the domain.
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at] | Skype : madaboutlinux

  4. #4
    Thanks.. what a pain..

    what's the syntax then for doing it for a specific directory inside a vhost?

    Every SMF, Wordpress, and Joomla installation will break now and require this manual intervention unless a sizable subset of rules is eliminated
    Ken O. TKO

Similar Threads

  1. Upgraded Apache now ModSecurity is not working..
    By roacha in forum Hosting Security and Technology
    Replies: 5
    Last Post: 08-21-2009, 09:03 PM
  2. Apache or browser broken images...
    By zoli in forum Hosting Security and Technology
    Replies: 8
    Last Post: 01-04-2005, 03:13 PM
  3. Oh My God This Thread Is Broken! Links are broken too! WHT is broken!
    By websterworld in forum Web Hosting Lounge
    Replies: 67
    Last Post: 07-12-2004, 10:13 PM
  4. ModSecurity 1.7.4 for Apache 2.x remote off-by-one overflow
    By Steven in forum Hosting Security and Technology
    Replies: 0
    Last Post: 03-20-2004, 11:06 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts