Disable modsecurity For a Specific Directory
Solution 1
SecRuleEngine Off must work . Have you tried to put SecRuleEngine inside Directory:
<Directory /var/www/site/phpMA>
SecRuleEngine Off
</Directory>
instead of LocationMatch ?
Solution 2
On some servers and web hosts, it's possible to disable ModSecurity via .htaccess
, but via this method you can only switch it on or off, you usually can’t disable individual rules.
So rather than leaving your entire site unprotected, it’s best to limit this to specific URLs. You can specify them in a regex in the <If>
statement below...
### DISABLE mod_security firewall
### Some rules are currently too strict and are blocking legitimate users
### We only disable it for URLs that contain the regex below
### The regex below should be placed between "m#" and "#"
### (this syntax is required when the string contains forward slashes)
<IfModule mod_security.c>
<If "%{REQUEST_URI} =~ m#/admin/#">
SecFilterEngine Off
SecFilterScanPOST Off
</If>
</IfModule>
Solution 3
Never disable all rules !! This could cause serious security issues !
You need to check the logfile of modsecurity with
tail -f /var/log/apache2/modsec_audit.log
and exclude each rule one by one reproducing the errors on the phpmyadmin interface.
Next, add :
<Directory /path/to/phpmyadmin>
<IfModule security2_module>
SecRuleRemoveByTag "WEB_ATTACK/SQL_INJECTION"
{And other rules you need to disable ...}
</IfModule>
</Directory>
to /etc/apache2/mods-enabled/modsecurity.conf
The tag you need to remove will be in the log file like this. For a full description of removing rules for a particular folder, see the Github wiki of the project.
Related videos on Youtube
dragonmantank
Love to program in PHP, starting to look into Python and C# as well.
Updated on September 17, 2022Comments
-
dragonmantank almost 2 years
How do you disable modsecurity for just a specific directory. I'm getting errors in phpMyAdmin that are caused by modsecurity tripping based on rules. I have the following files set up:
# /etc/httpd/modsecurity.d/modsecurity_crs_15_customrules.conf <LocationMatch "^/phpMA/"> SecRuleEngine Off </LocationMatch> # /etc/httpd/modsecurity.d/modsecurity_crs_60.custom.conf <LocationMatch '^/phpMA/*'> SecRuleRemoveById 950004 SecRuleRemoveById 950005 SecRuleRemoveById 950006 SecRuleRemoveById 960010 SecRuleRemoveById 960012 </LocationMatch>
From what I can find the first file should disable it, but it still trips, so I tried adding the rule IDs it is tripping to the 60 file, but it still complains.
I'm running the following packages on CentOS 5.3:
- mod_security-2.5.0-jason.2
- httpd-2.2.8-jason.3
- mod-php5-apache2-zend-ce-5.2.10-65
-
Pierre C. over 5 yearsThe approved answer is not secure. Refer to: serverfault.com/a/766395/345813
-
dragonmantank almost 15 yearsTried adding that to the 15 file and still getting the same errors being caught in modsecurity_audit.log
-
hdanniel almost 15 yearsAre the files modsecurity_crs_15_customrules.conf and modsecurity_crs_60.custom.conf included (not commented) in your /etc/httpd/conf.d/mod_security.conf ?
-
dragonmantank almost 15 yearsfacepalm No, they weren't. That took care of it.
-
DevOpsSauce about 3 yearsCan you explain what the
=~
andm#
mean? -
Simon East about 3 years@IRGeekSauce The
=~
indicates that what follows should be interpreted as a regular expression, not a simple string. Normally regular expressions start and end with a forward slash but since that gets really confusing and error prone when you’re dealing with URLs (you would then need to escape every forward slash with a backslash) they provide a second option which is placing it betweenm#
and#
. It’s not very intuitive I know. See this docs page for the official mentions — not very well explained, I must admit.