var sidebar_align = 'right';
var content_container_margin = parseInt('350px');
var sidebar_width = parseInt('330px');
whm - Modsecurity in Apache 2 (SecFilterEngine Off broken?)
Updating some of my apache 1.3 servers to 2.2 and compiling mod_security into apache this time around.
Many accounts were using SecFilterEngine Off directive in .htaccess to bypass modescurity (SMF forums for example do it by default).
This worked on apache 1.3 when modsec was loaded as an outside module.. now that it's integrated into apache, how do you specify in .htaccess to disable it?
Ken O. TKO
With the newest mod_security (2), you can't disable engine using .htaccess. You need to add the following lines in httpd.conf for the specific virtualhost:
Right, you need to remove the old Mod_Security rules from all the .htaccess files and have to place them in the VirtualHost of the domains in the Apache configuration file as "mellow-h" said.
Whatever rules you need to apply for an account, for a directory OR for a file will all go down in the VirtualHost of the domain.
| Server Setup | Security | Optimization | Troubleshooting | Server Migration
| Monthly and Task basis services.
: madaboutlinux[at]hotmail.com | Skype
Thanks.. what a pain..
what's the syntax then for doing it for a specific directory inside a vhost?
Every SMF, Wordpress, and Joomla installation will break now and require this manual intervention unless a sizable subset of rules is eliminated
Ken O. TKO
By roacha in forum Hosting Security and Technology
Last Post: 08-21-2009, 09:03 PM
By zoli in forum Hosting Security and Technology
Last Post: 01-04-2005, 03:13 PM
By websterworld in forum Web Hosting Lounge
Last Post: 07-12-2004, 10:13 PM
By Steven in forum Hosting Security and Technology
Last Post: 03-20-2004, 11:06 PM