How to disable mod_security for single user

       

September 3, 2009 Server Administration

Tech tipsComputer Tricks

Becouse of a high traffic web sites and problematic ddos attacks on port 80, i just have to install mod_Security module for apache. For some reason server works fine and all unwanted packets has been blocked, but then i have found a new problem with one of the costumers who has SMF forum installed with some fancy gameing plugins. The only solution is to disable mod_security, and everything works fine. So i got myself in a problem, if i disable mod_security i’l gonna have same problems with DDOS, so i have to find me a solutin.

The only solutin was this:

I have editet modsec2.conf and put this line:

Include “/usr/local/apache/conf/modsec2/whitelist.conf”

next step was to make and edit whitlist.conf, so i have put this in whitlist.conf:

SecRule SERVER_NAME “domainname.com” phase:1,nolog,allow,ctl:ruleEngine=off

And at the end .. to be sure i have adited users .htaccess file and put this:

<IfModule mod_security.c>

SecFilterEngine

Off SecFilterScanPOST Off

</IfModule>

And Voila… Web site and all of the plugins are working fine now.<
Was this article helpfull ?

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • blogmarks
  • Fark
  • LinkedIn
  • MSN Reporter
  • MySpace
  • Reddit
  • Socialogs
  • StumbleUpon
  • Technorati
  • Twitter
  • Yahoo! Bookmarks
  • Yahoo! Buzz

Tags:

Leave a Reply