[How To] Disable mod security on a Linux Server

Here is a quick guide about mod_security and how to disable mod_security in various scenarios.
Please note that you will require shell access with root user to perform the below steps.

mod_security exists in two versions, and the rule syntax differs between them. Before adding a rule, confirm which mod_security version is installed.

How to find mod_security version?

The mod_security version can be determined by checking the files at the location

/usr/local/apache/conf/mod*

where

mod_security.c = mod_security version 1
mod_security2.c = mod_security version 2

Various ways to disable mod_security

Create the files as mentioned below:
For mod_security 1

/usr/local/apache/conf/userdata/std/1/username/websitename/allow.conf

and

For mod_security 2

/usr/local/apache/conf/userdata/std/2/username/websitename/allow.conf

Include the above file path in the VirtualHost entry of the domain by updating the Apache configuration file:

Include "/usr/local/apache/conf/userdata/std/1/username/websitename/*.conf"

or

Include "/usr/local/apache/conf/userdata/std/2/username/websitename/allow.conf"

Add the following rules to the allow.conf file, depending on the scenario, and restart the Apache service for them to take effect.

Scenarios:

To disable mod_security 1 for complete domain

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

To disable mod_security 2 for complete domain

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

To exclude single mod_security 1 rule for a specific link

If the Apache error log shows

[Mon Oct 12 16:11:20 2009] [error] [client 121.15.245.215] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^\\w+:/" at REQUEST_URI_RAW. [file "/usr/local/apache/conf/modsec.user.conf"] [line "26"] [id "960014"] [msg "Proxy access attempt"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/PROXY_ACCESS"] [hostname "www.domain.com"] [uri "/index.php"] [unique_id "StNHGF5MxosAACUwIYQAAAAD"]

<IfModule mod_security.c>
<Location "/index.php">
SecFilterRemove 960014
</Location>
</IfModule>

To exclude single mod_security 2 rule for a specific link

<IfModule mod_security2.c>
<LocationMatch "/index.php">
SecRuleRemoveById 960014
</LocationMatch>
</IfModule>
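
Added example (not part of the original guide): Python that reads Apache error-log entries in the format quoted above and generates the mod_security 2 single-rule exclusion for each denied URI, so that only the logged rule ids are removed for that path. It goes slightly beyond the case in the text by grouping several ids per URI; the function names, the constructed sample log values and the anchored, escaped LocationMatch pattern are assumptions of this example.

```python
import re

# Constructed sample in the format of the error-log entry quoted above
# (client address, hostname and unique_id are made-up placeholder values).
SAMPLE_LOG = (
    '[Mon Oct 12 16:11:20 2009] [error] [client 192.0.2.10] ModSecurity: '
    'Access denied with code 400 (phase 2). Pattern match "^\\\\w+:/" at '
    'REQUEST_URI_RAW. [file "/usr/local/apache/conf/modsec.user.conf"] '
    '[line "26"] [id "960014"] [msg "Proxy access attempt"] '
    '[hostname "www.example.com"] [uri "/index.php"] [unique_id "CONSTRUCTED01"]'
)

# Matches the [name "value"] pairs ModSecurity appends to each log entry.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# The URI comes from the client, so only a conservative character set is
# allowed to reach the generated configuration.
SAFE_URI_RE = re.compile(r'/[\w./~%-]*')

def parse_denials(lines):
    """Return (hostname, uri, rule_id) for each usable ModSecurity entry."""
    hits = []
    for line in lines:
        if "ModSecurity:" not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        rule_id, uri = fields.get("id", ""), fields.get("uri", "")
        if re.fullmatch(r"[0-9]+", rule_id) and SAFE_URI_RE.fullmatch(uri):
            hits.append((fields.get("hostname", ""), uri, rule_id))
    return hits

def build_exclusions(hits):
    """Emit one mod_security 2 block per URI, removing only the ids seen."""
    by_uri = {}
    for _host, uri, rule_id in hits:
        by_uri.setdefault(uri, set()).add(rule_id)
    blocks = []
    for uri in sorted(by_uri):
        ids = " ".join(sorted(by_uri[uri], key=int))
        blocks.append(
            "<IfModule mod_security2.c>\n"
            f'<LocationMatch "^{re.escape(uri)}$">\n'
            f"SecRuleRemoveById {ids}\n"
            "</LocationMatch>\n"
            "</IfModule>"
        )
    return "\n".join(blocks)

if __name__ == "__main__":
    print(build_exclusions(parse_denials([SAMPLE_LOG])))
```

Entries whose rule id is not numeric, or whose URI contains anything outside the allowed character set, are skipped and need manual review.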

To exclude mod_security 1 for specific link or complete folder

<LocationMatch /admin.php>
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
</LocationMatch>
<LocationMatch /wp-admin/>
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
</LocationMatch>

To exclude mod_security 2 for specific link or complete folder

<LocationMatch /admin.php>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</LocationMatch>
<LocationMatch /wp-admin/>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</LocationMatch>

Important: Always run an Apache configuration test before restarting the Apache service.
Feedback and queries are always welcome!


About Abhijit Sandhan

Abhijit Sandhan
Loves Linux, Blogging, Traveling, Hiking and sharing Knowledge!
