ApacheWeb Server

[How To] Disable mod security on a Linux Server

Here is a quick guide about mod_security and how to disable mod_security in various scenarios.
Please note that you will require shell access with root user to perform the below steps.

The mod_security has two versions and rules for each of them are different. Hence, before adding rule one should be sure about mod_security version.

How to find mod_security version?

The mod_security version can be found out by checking at location

/usr/local/apache/conf/mod*

where

mod_security.c = mod_security version 1
mod_security2.c = mod_security version 2

Various ways to disable mod_security

Create the files as mentioned below:
For mod_security 1

/usr/local/apache/conf/userdata/std/1/username/websitename/allow.conf

and

For mod_security 2

/usr/local/apache/conf/userdata/std/2/username/websitename/allow.conf

Include the above file path in virutalhost entry of the domain by updating Apahce configuration file

Include "/usr/local/apache/conf/userdata/std/1/username/websitename/*.conf"

or

 Include "/usr/local/apache/conf/userdata/std/2/username/websitename/allow.conf"

Add the following rules depending on the scenarios in the allow.conf file to take effect and restart Apache service.

Scenarios:

To disable mod_security 1 for complete domain

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

To disable mod_security 2 for complete domain

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

To exclude single mod_security 1 rule for a specific link

If Apache error log shows

[Mon Oct 12 16:11:20 2009] [error] [client 121.15.245.215] ModSecurity: Access denied with code 400 (phase 2). Pattern match “^\\w+:/” at REQUEST_URI_RAW. [file "/usr/local/apache/conf/modsec.user.conf"] [line "26"] [id "960014"] [msg "Proxy access attempt"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/PROXY_ACCESS"] [hostname "www.domain.com"] [uri "/index.php"] [unique_id "StNHGF5MxosAACUwIYQAAAAD"]
<IfModule mod_security.c>
<Location "/index.php">
SecFilterRemove 960014
</Location>
</IfModule>

To exclude single mod_security 2 rule for a specific link

<IfModule mod_security2.c>
<LocationMatch “/index.php“>
SecRuleRemoveById 960014
</LocationMatch>
</IfModule>

To exclude mod_security 1 for specific link or complete folder

<LocationMatch /admin.php>
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
</LocationMatch>

<LocationMatch /wp-admin/>
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
</LocationMatch>

To exclude mod_security 2 for specific link or complete folder

<LocationMatch /admin.php>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</LocationMatch>

<LocationMatch /wp-admin/>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</LocationMatch>

Important: Always do Apache configuration test before restarting Apache service.
 If any feedback, queries are always welcome!

Abhijit Sandhan

Love to Automate, Blog, Travel, Hike & spread Knowledge!

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button