How to disable Mod_Security in linux.

Question

4.00/5 (1 vote)

See more:

Hello all,

I was trying to run some script which is under cgi-bin folder, but mod_security is not allowing me to do so.
I tried disabling mod_security by creating .htaccess under my document root (I think which is /var/www/html) with following values

XML

<IfModule mod_security2.c>
SecRuleEngine Off
SecAuditEngine Off
</IfModule>

but still I could see in http error log:

[Thu Mar 10 21:36:22 2011] [error] [client 10.206.152.61] ModSecurity: Access denied with code 501 (phase 2). Match of "rx (?:^(?:application\\\\/x-www-form-urlencoded(?:;(?:\\\\s?charset\\\\s?=\\\\s?[\\\\w\\\\d\\\\-]{1,18})?)??$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-type" required. [id "960010"] [msg "Request content type is not allowed by policy"] [severity "WARNING"] [hostname "10.209.116.191"] [uri "/cgi-bin/perf.pl"] [unique_id "BtPUSX8AAAEAADttKm0AAAAB"]
----------------------

Can someone help me out , am I missing something or is there any alternative way?
(I am using apache version 2.2.6)

Thanks in advance
Tanuj

Posted 9-Mar-11 23:47pm

tanujm

Updated 10-Mar-11 1:15am

Sandeep Mewara

v4

Add a Solution

2 solutions

Solution 1

I don't know your httpd.conf and related files, how about you?

Do you have something like modsecurity_crs_15_customrules.conf file? ModSecurity is just yes another Apache module, controlled by all those files, nothing special, but you need to make you hands dirty and learn this product and its syntax. You can of cause remove any use of this product or even uninstall it, but what was the purpose of installing security in first place? Some security, I presume. So I suggests you simply learn the rules and use related syntax. This is whole language.

Did you read this: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-apache-reference.html#configuration-directives[^]?

—SA

Posted 10-Mar-11 4:50am

Sergey Alexandrovich Kryukov

Comments

tanujm 10-Mar-11 23:44pm

Thanks SA
i am able to disable mod_security.
why i didn't want this security : actually my webserver is inside a secure domain , not interaction to outside world. and only one machine will be using this web-server which is again inside a secure domain.
but that document really help me out to understand mod security and how it works.
thanks a log SA ...

Sergey Alexandrovich Kryukov 11-Mar-11 1:26am

You're welcome.
Will you formally accept my answer?
Thank you.
--SA

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

tanujm · Accepted Answer · 2011-03-10T17:51:00

how to disable:
1. check in httpd.conf file , from where it is facing all the conf file -> in most of the cases it is : <pre>conf.d/*.conf</pre> which means is will use all the config file under conf.d dir.

2. now go to /etc/httpd/conf.d dir and check for mod_security.conf file.
3. open this file , and you can see what all rules will be used for web-server modsecurity.
4 . comment the rule which you don't want to use
eg. <code>lang="xml"><IfModule mod_security2.c
# This is the ModSecurity Core Rules Set.
# Basic configuration goes in here
# Include modsecurity.d/modsecurity_crs_10_config.conf
# Protocol violation and anomalies.
# Include modsecurity.d/modsecurity_crs_20_protocol_violations.conf
#Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf</code>

as you can see i don't want to use protocol validation rule , so i commented this particular line of code.
5. now restart you httpd service /etc/init.d/httpd restart

thanks
tanuj