Knowledge, ModSecurity

Disable Mod-Security only for the perticular directories or files.

Disable Mod-Security only for the particular directories or files.
If the server logs shows the error with id “ “]

[Mon Oct 12 16:11:20 2009] [error] [client 121.15.245.215] ModSecurity: Access denied with code 400 (phase 2). Pattern match “^\\w+:/” at REQUEST_URI_RAW. [file “/usr/local/apache/conf/modsec2.user.conf”] [line “26”] [id “960014“] [msg “Proxy access attempt”] [severity “CRITICAL”] [tag “PROTOCOL_VIOLATION/PROXY_ACCESS”] [hostname “www.domain.com“] [uri “/index.php“] [unique_id “StNHGF5MxosAACUwIYQAAAAD”]

You can disable mod-security by using two ways.
1) You can add following rules in .htaccess file
===============================
#For mod secuity 2
<IfModule mod_security2.c>
<LocationMatch “/index.php“>
SecRuleRemoveById 960014
</LocationMatch>
</IfModule>
===============================
#For mod secuity 1
<IfModule mod_security.c>
<Location /index.php>
SecFilterRemove 960014
</Location>
</IfModule>
===============================
or
2) You can disable it by using http.conf file.
open the httpd.conf file and search the domain.com and remove the conment from below line
# Include “/usr/local/apache/conf/userdata/username/domain.com/*.conf”
to
Include “/usr/local/apache/conf/userdata/username/domain.com/*.conf”
then create the directory
mkdir -p /usr/local/apache/conf/userdata/username/domain.com/
vi /usr/local/apache/conf/userdata/username/domain.com/allow.conf
and the mod-security rule.
===============================
#For mod secuity 2
<IfModule mod_security2.c>
<LocationMatch “/index.php“>
SecRuleRemoveById 960014
</LocationMatch>
</IfModule>
===============================
#For mod secuity 1
<IfModule mod_security.c>
<Location /index.php>
SecFilterRemove 960014
</Location>
</IfModule>
===============================
If the server does not shows the ID

Mon Nov 23 18:45:39 2009] [error] [client 91.84.93.229] ModSecurity: Access denied with code 406 (phase 2). Pattern match “^Shockwave Flash” at REQUEST_HEADERS:User-Agent. [file “/usr/local/apache/conf/modrules2/useragents.conf”] [line “169”] [hostname “www.domain.com”] [uri “/gifs/paypal.gif”] [unique_id “SwrYU9WvwhAAAFNbNscAAACS”]

then
1) You can add following rules in .htaccess file
<IfModule mod_security.c>
<Files gifs/paypal.gif>
SecFilterInheritance Off
</Files>
</IfModule>
Done
Note : Replace the domain.com equal to orginal domain name, “/index.php equal to exact file path which is mention the error and ” 960014″ equal to the original id which is in the error.

Share
isquarehost

Related posts

One Thought to “Disable Mod-Security only for the perticular directories or files.”

  1. zx81
    July 18, 2014 at 3:58 pm

    LocationMatch directive CANNOT be used in .htaccess

    Reply

Leave a Comment