[Collection] mod_security Whitelists
Hello everyone
Some of you might have mod_security installed on their server, as do I. Since the rules are sometimes very strict, you often have to disable rules for specific applications. I thought that it might be a good idea to create a little collection of which rules you have to disable for which application.

General

I assume you have mod_security installed as described here: http://www.faqforge.com/linux/apache...n-6-0-squeeze/

How to whitelist?

You should choose one of these methods:

Applications

Here are the per-application specific rules you should disable if you encounter problems running them.

IP based access
Reason: Accessing a website by its IP isn't allowed
Rules:
SecRuleRemoveById 960017
Usage: You should place this rule within the global whitelist
------------------------------------------------
ionizeCMS
Reason: the built-in flash uploader doesn't work
Rules:
SecRuleRemoveById 960015
Usage: You should place them per-site
------------------------------------------------
WebDAV
Reason: You'll get a 405 - Method not allowed when connecting with a WebDAV client
Rules:
SecRuleRemoveById 960015
SecRuleRemoveById 960032
Usage: You should place them per-site or within the custom vhost (WebDAV block)
------------------------------------------------
Wordpress
Reason: pasting iFrames within the editor gets blocked, as well as selecting images
Rules:
SecRuleRemoveById 950001
SecRuleRemoveById 950004
Usage: You should place them per-site

Summary

If you have rulesets yourself, we would appreciate it if you would share them too :)

Regards,
MaddinXx
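As an added example that is not part of the original post, here is how the "global" and "per-site" placements from the collection above look in Apache configuration. The global whitelist file is the one named in this thread; the vhost file name, ServerName, DocumentRoot and the /webdav path are assumptions.

```apache
# Added example (not from the original post): the two placements used in the
# collection above. Only the global whitelist path comes from this thread;
# every other path and hostname below is an assumption.

# --- Global whitelist: /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf
# This file is loaded for every vhost, so keep it to rules that are wrong for
# the whole server, such as the "no access by IP" rule.
<IfModule security2_module>
    # Allow requests that address the server by IP instead of a hostname
    SecRuleRemoveById 960017
</IfModule>

# --- Per-site whitelist: inside the vhost of the affected site only
# (assumed file: /etc/apache2/sites-available/example.com.conf)
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example.com

    <IfModule security2_module>
        # Wordpress editor: iframes in posts and selecting images
        # (SecRuleRemoveById accepts several IDs on one line)
        SecRuleRemoveById 950001 950004
        # Wordpress: "Too many arguments in request" when saving large posts
        SecRuleRemoveById 960335

        # Limit the WebDAV exemptions to the DAV location rather than the
        # whole site, so the rules still protect the rest of the vhost
        <Location /webdav>
            # 405 Method Not Allowed with WebDAV clients
            SecRuleRemoveById 960015 960032
        </Location>
    </IfModule>
</VirtualHost>
```

Run apache2ctl configtest before reloading, and confirm in the audit log that only the intended rule IDs stop firing for that site.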
Great post! :) Do you think you could create a little tutorial from it?
Hi falko
I'm not sure if a tutorial is needed for this, since there is already one on FAQForge on how to install mod_security, and also how to whitelist. Therefore this is really more a collection of useful information for them rather than a guide itself. However, it might be a good refresher to see it here as a tutorial again - I'll look if I find time... but I hope to be able to test some more popular CMS like typo3, joomla, Drupal etc. first so we have a solid list. BTW it would be good if you could re-check the WebDAV thing yourself and add it to ISPConfig by default (like you did completely disable mod_security for ISPConfig's vHost). Regards
hmm, it seems that it's not allowed to edit the first post within a topic...
@falko/till: is it possible to activate this? If not, would there be a way to give me the 2nd post as well? (which is currently falko's)

Here's another one:

Google's Webmaster Tools
Reason: Verification not working (msg: Request Missing an Accept Header)
Rules:
SecRuleRemoveById 950015
Usage: You should place them per-site
Hi Mad,
In my Ubuntu 10.04 64 bit OS, I can't see this file: /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf How do you configure your trick in Ubuntu 10.04?
Hi concept21
I don't have an Ubuntu machine to test, but if you have the folder /etc/apache2/mod-security/ I guess you can create the file in there. If the folder doesn't exist, you could try running: Code:
find / -name "modsecurity_crs*"
I have tried to add
SecRuleRemoveById for all ids appearing in the mod_audit.log, but my software was still blocked. I think it is not so simple. I have read a little bit of the mod-security site's manual. It said simply adding SecRuleRemoveById may not let the software pass the 2nd phase. I don't understand though.
Hmm, for me it worked.
Did you follow the step here: http://www.faqforge.com/linux/apache...n-6-0-squeeze/ Code:
To enable mod-security, edit the file
I needed to add another one today.
Wordpress
Reason: Error 404 - ("Too many arguments in request") when you save bigger posts. Some guys got this error because of too many revisions. Mine was due to many post attachments.
Rules:
SecRuleRemoveById 960335
Usage: You should place them per-site