Difference between revisions of "Mod security"
From Atomicorp Wiki
(New page: == Disabling Mod_Security Globally == Step 1) Disable config file mv /etc/httpd/conf.d/00_mod_security.conf /etc/httpd/conf.d/00_mod_security.conf.disabled Step 2) Restart Apache /e...) |
|||
Line 1: | Line 1: | ||
− | |||
== Disabling Mod_Security Globally == | == Disabling Mod_Security Globally == | ||
Line 42: | Line 41: | ||
− | == Disable Mod_security rule for all applications in a domain == | + | == Disable Mod_security rule for all applications in a single domain == |
Step 1) edit the vhost/vhost_ssl.conf for the domain | Step 1) edit the vhost/vhost_ssl.conf for the domain | ||
Line 51: | Line 50: | ||
SecRuleRemoveById 950005 | SecRuleRemoveById 950005 | ||
</LocationMatch> | </LocationMatch> | ||
+ | |||
+ | |||
+ | == Disable Mod_security rule for all domains == | ||
+ | |||
+ | Step 1) Use ASL utility to disable rule by ID. Example: 950005 | ||
+ | asl --disable-signature 950005 |
Revision as of 12:18, 10 April 2008
Contents |
Disabling Mod_Security Globally
Step 1) Disable config file
mv /etc/httpd/conf.d/00_mod_security.conf /etc/httpd/conf.d/00_mod_security.conf.disabled
Step 2) Restart Apache
/etc/init.d/httpd restart
Disabling Mod_security per domain
Step 1) edit the vhost/vhost_ssl.conf for the domain
vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf
Step 2) Add the following
SecRuleEngine Off
Step 3) Add vhost.conf to domain config
/usr/local/psa/admin/bin/websrvmng -a
Step 4) Restart Apache
/etc/init.d/httpd restart
Disable Mod_security on a global URL
Step 1) Create a global exclude file
vim /etc/httpd/modsecurity.d/00_asl_custom_exclude.conf
Step 2) Add the LocationMatch for the url to exclude. Example: /server.php
<LocationMatch /server.php> SecRuleEngine Off </LocationMatch>
Step 3) Restart apache
/etc/init.d/httpd restart
Disable Mod_security rule for all applications in a single domain
Step 1) edit the vhost/vhost_ssl.conf for the domain
vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf
Step 2) Add the LocationMatch for the rule to exclude. Example, ruleid 950005
<LocationMatch .*> SecRuleRemoveById 950005 </LocationMatch>
Disable Mod_security rule for all domains
Step 1) Use ASL utility to disable rule by ID. Example: 950005
asl --disable-signature 950005