Difference between revisions of "Mod security"

From Atomicorp Wiki
Jump to: navigation, search
(New page: == Disabling Mod_Security Globally == Step 1) Disable config file mv /etc/httpd/conf.d/00_mod_security.conf /etc/httpd/conf.d/00_mod_security.conf.disabled Step 2) Restart Apache /e...)
 
Line 1: Line 1:
 
 
== Disabling Mod_Security Globally ==
 
== Disabling Mod_Security Globally ==
  
Line 42: Line 41:
  
  
== Disable Mod_security rule for all applications in a domain ==
+
== Disable Mod_security rule for all applications in a single domain ==
  
 
Step 1) edit the vhost/vhost_ssl.conf for the domain
 
Step 1) edit the vhost/vhost_ssl.conf for the domain
Line 51: Line 50:
 
         SecRuleRemoveById 950005
 
         SecRuleRemoveById 950005
 
   </LocationMatch>
 
   </LocationMatch>
 +
 +
 +
== Disable Mod_security rule for all domains ==
 +
 +
Step 1) Use ASL utility to disable rule by ID. Example: 950005
 +
  asl --disable-signature 950005

Revision as of 12:18, 10 April 2008

Contents

Disabling Mod_Security Globally

Step 1) Disable config file

 mv /etc/httpd/conf.d/00_mod_security.conf /etc/httpd/conf.d/00_mod_security.conf.disabled

Step 2) Restart Apache

 /etc/init.d/httpd restart


Disabling Mod_security per domain

Step 1) edit the vhost/vhost_ssl.conf for the domain

 vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf

Step 2) Add the following

 SecRuleEngine Off

Step 3) Add vhost.conf to domain config

 /usr/local/psa/admin/bin/websrvmng -a

Step 4) Restart Apache

 /etc/init.d/httpd restart


Disable Mod_security on a global URL

Step 1) Create a global exclude file

 vim /etc/httpd/modsecurity.d/00_asl_custom_exclude.conf

Step 2) Add the LocationMatch for the url to exclude. Example: /server.php

 <LocationMatch /server.php>
     SecRuleEngine Off
 </LocationMatch>

Step 3) Restart apache

 /etc/init.d/httpd restart


Disable Mod_security rule for all applications in a single domain

Step 1) edit the vhost/vhost_ssl.conf for the domain

 vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf

Step 2) Add the LocationMatch for the rule to exclude. Example, ruleid 950005

 <LocationMatch .*>
       SecRuleRemoveById 950005
 </LocationMatch>


Disable Mod_security rule for all domains

Step 1) Use ASL utility to disable rule by ID. Example: 950005

 asl --disable-signature 950005
Personal tools