Disable mod_security for an individual account ?

Mod_security is an open source Apache module. This can be considered as firewall for web applications. It secures the system from the attackers. We use mod_security1 for Apache1.x and Apache 2.x uses mod_security2. In case of mod_security1, we can disable it for a domain using the .htaccess file.

If you want to disable mod_sec for one domain then add the following Line in .htaccess

—————–

SecFilterEngine Off

——————

However, we can’t block mod_security2 via .htaccess on domain basis.

The following steps can be used to disable mod_security2 rule for one domain in cPanel servers.

1. Make the directory “/usr/local/apache/conf/userdata/std/2/username/domain.com”

2. Create a file “vhost.conf” in the above location

3. Add the following lines :

———-

<IfModule mod_security2.c>

SecRuleEngine Off

</IfModule>

———-

To disable mod_secuirty for a particular location :

———

<LocationMatch specify_the_path_here>

<IfModule mod_security2.c>

SecRuleEngine Off

</IfModule>

</LocationMatch>

———

To disable a particular mod_secuirty rule :

———

<IfModule mod_security2.c>

SecRuleRemoveById give_ruleID_here

</IfModule>

———

Please make sure run the following script after making the changes.

———

/scripts/ensure_vhost_includes –user=username

———

This script will uncomment the following line in apache configuration. It will customise the virtual host to use the particular include file and will restart apache.

Include “/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf”

 

Another method

How to disable mod_security for an individual account ?

For apache 1.3:
****************

If you are receiving the error message “access denied with error code 403” for a domain in Apache error logs due to mod_security, you can disable the mod_security for that account by adding a simple code in his .htaccess

===========
SecFilterEngine Off

SecFilterScanPOST Off
===========

For apache 2.X:
***************

In modsec2 version SecFilterEngine Off cannot be used. You have to use SecRuleEngine Off.

You cannot directly add the rule in .htaccess, you have to add the entries in the file

===
/usr/local/apache/conf/modsec2/whitelist.conf.
===

Below is a sample entry for the domain example.com:

==============================================
SecRule SERVER_NAME “example.com” phase:1,nolog,allow,ctl:ruleEngine=off
SecRule SERVER_NAME “www.example.com” phase:1,nolog,allow,ctl:ruleEngine=off
==============================================

This is a new functionality added to increase security in the server and also to make sure the sites work fine when there is problem with mod_security.

 

Another Method

In httpd.cof under the domain add the below lines : please check the id for the error in apache errorlog is correct
==========================

<IfModule mod_security2.c>
<LocationMatch “/administrator/index.php”>
SecRuleRemoveById 950001 950004 950013
</LocationMatch>
</IfModule>

==========================

For Error:-

[Fri Feb 22 23:08:12 2013] [error] [client 115.254.69.82] ModSecurity: Input filter: Failed to delete temporary file: /tmp/attractaseo.It1985/20130222-230810-USf6WUPc0YgAADTur-8AAAAM-request_body-8t21Cz [hostname “skaysolutions.com.es”] [uri “/unidiversidad/wp-admin/async-upload.php”] [unique_id “USf6WUPc0YgAADTur-8AAAAM”]

Fix:-
vi /etc/httpd/conf/modsec2.user.conf
SecUploadDir /tmp
SecTmpDir /tmp

Advertisements
  1. #1 by web hosting company on May 17, 2014 - 8:09 PM

    Its like you learn my thoughts! You seem to grasp a lot about this, such as you wrote the book in it or something. I feel that you just could do with a few % to drive the message house a little bit, but other than that, this is wonderful blog. A fantastic read. I will definitely be back.

  1. ενοικιασεις σκαφων

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: