Pages

Wednesday 25 April 2012

Disable mod security

Disabling mod security using these .htaccess commands:

<ifmodule mod_security.c="">
SecFilterScanPOST Off
</ifmodule>

and

<ifmodule mod_security.c="">
SecFilterEngine off
</ifmodule>

<ifmodule mod_security2.c="">
SecFilterEngine off
</ifmodule>

So I had to edit my whitelist.conf here:

/usr/local/apache/conf/modsec2/whitelist.conf

and you added

<locationmatch "="" post.php"="" wp-admin="">
SecRuleRemoveById 300015 3000016 3000017
</locationmatch>

<locationmatch "="" admin-ajax.php"="" wp-admin="">
SecRuleRemoveById 300015 3000016 3000017
</locationmatch>

<locationmatch "="" page.php"="" wp-admin="">
SecRuleRemoveById 300015 300016 300017
</locationmatch>

Exemple WP:

<locationmatch "="" post.php"="" wp-admin="">
  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61
</locationmatch>

<locationmatch "="" admin-ajax.php"="" wp-admin="">
  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61
</locationmatch>

<locationmatch "="" page.php"="" wp-admin="">
  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61
</locationmatch>

<locationmatch "="" options.php"="" wp-admin="">
  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61
</locationmatch>

<locationmatch "="" theme-editor.php"="" wp-admin="">
  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61
</locationmatch>

<locationmatch "="" wp-includes="">
  SecRuleRemoveById 960010 960012 950006
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61
</locationmatch>

No comments:

Post a Comment