Comments on: Remove and Uninstall or Disable ModSecurity (mod_security) http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/ Living Digitally and Electronically Sat, 19 Dec 2009 15:41:18 +0800 http://wordpress.org/?v=2.8.6 hourly 1 By: Mike http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-573679 Mike Wed, 06 May 2009 07:30:14 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-573679 I had this issue and apparently my host had a specific block in place that prevented the .htaccess modification from taking effect. The solution to remove the module might not be a good idea since it's a server wide change, there is apparently a whitelist file that you can modify to allow specific domains from being exempt. Just SSH into the server as root using PUTTY or something similar. Type the following nano usr/local/apache/conf/modsec2/whitelist.conf This will give you a flat screen editor that you can use to modify the file, just add the following line, once for each domain you wish to exempt. SecRule SERVER_NAME "example.com" phase:1,nolog,allow,ctl:ruleEngine=Off no need to replace Server_name with your actual server name, only need to replace example.com with the domain. Apache will then need to be restarted. I had this issue and apparently my host had a specific block in place that prevented the .htaccess modification from taking effect.

The solution to remove the module might not be a good idea since it’s a server wide change, there is apparently a whitelist file that you can modify to allow specific domains from being exempt.

Just SSH into the server as root using PUTTY or something similar.

Type the following

nano usr/local/apache/conf/modsec2/whitelist.conf

This will give you a flat screen editor that you can use to modify the file, just add the following line, once for each domain you wish to exempt.

SecRule SERVER_NAME “example.com” phase:1,nolog,allow,ctl:ruleEngine=Off

no need to replace Server_name with your actual server name, only need to replace example.com with the domain.

Apache will then need to be restarted.

]]> By: Webagentur http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-544831 Webagentur Sat, 29 Nov 2008 18:32:13 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-544831 Mich würde mal eher interessieren, ob man mit mod_security2 auch Mails verschicken lassen kann? Mich würde mal eher interessieren, ob man mit mod_security2 auch Mails verschicken lassen kann?

]]> By: Fairlights http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-543431 Fairlights Fri, 21 Nov 2008 07:25:46 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-543431 Awsome, slightly different in the apache i'm using on windows, i just commented out this line: #Include conf/Suite-extra/mod_security.conf Thanks now i can work on my intranet again owe you big time :D Awsome, slightly different in the apache i’m using on windows, i just commented out this line:

#Include conf/Suite-extra/mod_security.conf

Thanks now i can work on my intranet again owe you big time :D

]]> By: TSSE v4.3 problem - Bravo List http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-541931 TSSE v4.3 problem - Bravo List Wed, 12 Nov 2008 06:11:10 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-541931 [...] if i remeber right, this can be disabled from .htaccess Check the following links for further info: Remove and Uninstall or Disable ModSecurity (mod_security) My Digital Life How to disable mod_security in .htaccess file Disabling mod_security mod_security Guide and [...] [...] if i remeber right, this can be disabled from .htaccess Check the following links for further info: Remove and Uninstall or Disable ModSecurity (mod_security) My Digital Life How to disable mod_security in .htaccess file Disabling mod_security mod_security Guide and [...]

]]> By: Melinda http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-537723 Melinda Sat, 25 Oct 2008 22:05:35 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-537723 Just like Flanger, it doesn't work for me. Adding that two lines seem to block more and it doesn't resolve the error 500 error that was returned by ModSecurity. Just like Flanger, it doesn’t work for me. Adding that two lines seem to block more and it doesn’t resolve the error 500 error that was returned by ModSecurity.

]]> By: Flanger http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-536587 Flanger Mon, 20 Oct 2008 10:58:27 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-536587 it doesnt work for me unfortunately :( if I add these two lines to my .htaccess file to the root, the whole domain is blocked, else if I make .htaccess file in custom directory and add these lines only that dir is locked and server gives me Http error 500 internal server error... it doesnt work for me unfortunately :(

if I add these two lines to my .htaccess file to the root,
the whole domain is blocked, else if I make .htaccess file
in custom directory and add these lines only that dir is locked

and server gives me Http error 500 internal server error…

]]> By: Karlos http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-519258 Karlos Sun, 29 Jun 2008 15:47:38 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-519258 Cheers, just what I needed, worked first time Cheers, just what I needed, worked first time

]]> By: Neran http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-497437 Neran Thu, 17 Apr 2008 09:13:55 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-497437 Thanks alot! It works! Thanks alot! It works!

]]> By: Adam Dempsey http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-463556 Adam Dempsey Fri, 01 Feb 2008 16:51:19 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-463556 Exactly what I was looking for, thanks :) Exactly what I was looking for, thanks :)

]]> By: John http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/comment-page-1/#comment-316352 John Fri, 06 Jul 2007 16:16:03 +0000 http://www.mydigitallife.info/2006/10/21/remove-and-uninstall-or-disable-modsecurity-mod_security/#comment-316352 A BIG Thanks to You! It really works! Thanks You! A BIG Thanks to You!

It really works! Thanks You!

]]>