Home / server / Questions / 57210
Accepted
dragonmantank
Asked: 2009-08-22 07:28:23 +0800 CST

Disable modsecurity For a Specific Directory

  • 772

How do you disable modsecurity for just a specific directory. I'm getting errors in phpMyAdmin that are caused by modsecurity tripping based on rules. I have the following files set up:

# /etc/httpd/modsecurity.d/modsecurity_crs_15_customrules.conf
<LocationMatch "^/phpMA/">
    SecRuleEngine Off
</LocationMatch>

# /etc/httpd/modsecurity.d/modsecurity_crs_60.custom.conf
<LocationMatch '^/phpMA/*'>
    SecRuleRemoveById 950004
    SecRuleRemoveById 950005
    SecRuleRemoveById 950006
    SecRuleRemoveById 960010
    SecRuleRemoveById 960012
</LocationMatch>

From what I can find the first file should disable it, but it still trips, so I tried adding the rule IDs it is tripping to the 60 file, but it still complains.

I'm running the following packages on CentOS 5.3:

  • mod_security-2.5.0-jason.2
  • httpd-2.2.8-jason.3
  • mod-php5-apache2-zend-ce-5.2.10-65
centos apache-2.2 httpd mod-security

3 Answers

  1. Best Answer

    SecRuleEngine Off must work . Have you tried to put SecRuleEngine inside Directory:

    <Directory /var/www/site/phpMA>
SecRuleEngine Off
</Directory>

    instead of LocationMatch ?

    • 19

  2. On some servers and web hosts, it's possible to disable ModSecurity via .htaccess, but via this method you can only switch it on or off, you usually can’t disable individual rules.

    So rather than leaving your entire site unprotected, it’s best to limit this to specific URLs. You can specify them in a regex in the <If> statement below...

    ### DISABLE mod_security firewall
### Some rules are currently too strict and are blocking legitimate users
### We only disable it for URLs that contain the regex below
### The regex below should be placed between "m#" and "#" 
### (this syntax is required when the string contains forward slashes)
<IfModule mod_security.c>
  <If "%{REQUEST_URI} =~ m#/admin/#">
    SecFilterEngine Off
    SecFilterScanPOST Off
  </If>
</IfModule>
    • 4

  3. Never disable all rules !! This could cause serious security issues !

    You need to check the logfile of modsecurity with

    tail -f /var/log/apache2/modsec_audit.log

    and exclude each rule one by one reproducing the errors on the phpmyadmin interface.

    Next, add :

    <Directory /path/to/phpmyadmin>
    <IfModule security2_module>
        SecRuleRemoveByTag "WEB_ATTACK/SQL_INJECTION"
        {And other rules you need to disable ...}
    </IfModule>
</Directory>

    to /etc/apache2/mods-enabled/modsecurity.conf

    The tag you need to remove will be in the log file like this. For a full description of removing rules for a particular folder, see the Github wiki of the project.

    • 2