24th July 2012, 13:36
MaddinXx
[Collection] mod_security Whitelists

Hello everyone

Some of you might have mod_security installed on your server, as do I.

Since the rules are sometimes very strict, you often have to disable rules for specific applications.

I thought that it might be a good idea to create a little collection of what rules you have to disable for what application.

General
I assume you have mod_security installed like described here: http://www.faqforge.com/linux/apache...n-6-0-squeeze/

How to whitelist?
You should choose one of these methods:
  • server-wide deactivation
    Code:
    nano /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf
  • per-site deactivation
    In ISPConfig -> Sites -> domain.tld -> Options -> Apache Directives
    Code:
    <ifModule mod_security2.c>
        (paste the rules here)
    </ifModule>

Applications
Here are the per-application specific rules you should disable if you encounter problems running them.

IP based access
Reason
Accessing a website by its IP isn't allowed.

Rules
SecRuleRemoveById 960017

Usage
You should place this rule within the global whitelist

------------------------------------------------

ionizeCMS
Reason
The built-in Flash uploader doesn't work.

Rules
SecRuleRemoveById 960015

Usage
You should place them per-site

------------------------------------------------

WebDAV
Reason
You'll get a 405 - Method not allowed when connecting with a WebDAV client.

Rules
SecRuleRemoveById 960015
SecRuleRemoveById 960032

Usage
You should place them per-site or within the custom vhost (WebDAV block)

------------------------------------------------

WordPress
Reason
Pasting iframes within the editor gets blocked, as does selecting images.

Rules
SecRuleRemoveById 950001
SecRuleRemoveById 950004

Usage
You should place them per-site

Summary
If you have rulesets of your own, we would appreciate it if you would share them too.

Regards,
MaddinXx
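The post lists rule IDs to remove once an application breaks, but the safer first step is to read the Apache error log and see which rule actually fired, for which vhost and on which URIs, before pasting a `SecRuleRemoveById` anywhere. The script below is an added example, not part of the post above: it parses the `[key "value"]` fields ModSecurity 2.x appends to error-log lines, counts rule hits per hostname, and renders the per-site block in the post's format. The log lines are constructed samples (hostnames, client addresses and messages are illustrative), and the scoped variant goes one step beyond the post: it assumes the ModSecurity 2.x `ctl:ruleRemoveById` action and the `@beginsWith` operator, so that a rule is dropped only under one application path instead of for the whole site.

```python
"""Find which mod_security rules fire for which vhost before whitelisting them."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in the ModSecurity 2.x Apache error-log layout; the
# rule ids are the ones from the post, everything else is illustrative.
SAMPLE_LOG = """\
[Tue Jul 24 13:36:01 2012] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). ... [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [hostname "cms.example.test"] [uri "/admin/upload"]
[Tue Jul 24 13:36:05 2012] [error] [client 192.0.2.11] ModSecurity: Access denied with code 405 (phase 1). ... [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [hostname "dav.example.test"] [uri "/webdav/"]
[Tue Jul 24 13:36:09 2012] [error] [client 192.0.2.12] ModSecurity: Access denied with code 403 (phase 2). ... [id "950001"] [msg "SQL Injection Attack"] [severity "CRITICAL"] [hostname "blog.example.test"] [uri "/wp-admin/post.php"]
[Tue Jul 24 13:36:12 2012] [error] [client 192.0.2.13] ModSecurity: Access denied with code 403 (phase 2). ... [id "950001"] [msg "SQL Injection Attack"] [severity "CRITICAL"] [hostname "blog.example.test"] [uri "/wp-admin/post.php"]
[Tue Jul 24 13:36:20 2012] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). ... [id "950001"] [msg "SQL Injection Attack"] [severity "CRITICAL"] [hostname "blog.example.test"] [uri "/?id=1"]
"""

# [key "value"] fields; the [client 1.2.3.4] field has no quotes and is read separately.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
CLIENT_RE = re.compile(r'\[client ([^\]]+)\]')


def parse_modsec_log(text):
    """Return one dict per ModSecurity line with id, hostname, uri, msg and client."""
    events = []
    for line in text.splitlines():
        if "ModSecurity:" not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        if "id" not in fields:
            continue
        client = CLIENT_RE.search(line)
        events.append({
            "id": fields["id"],
            "hostname": fields.get("hostname", "?"),
            "uri": fields.get("uri", "?"),
            "msg": fields.get("msg", ""),
            "client": client.group(1) if client else "?",
        })
    return events


def hits_by_host(events):
    """hostname -> Counter of rule ids, so a site only gets exceptions for rules that fire there."""
    table = defaultdict(Counter)
    for e in events:
        table[e["hostname"]][e["id"]] += 1
    return table


def uris_for_rule(events, hostname, rule_id):
    """Distinct URIs one rule fired on for one host. A rule that also fires outside the
    application's own path is a reason to scope the exception instead of removing the rule."""
    return sorted({e["uri"] for e in events
                   if e["hostname"] == hostname and e["id"] == rule_id})


def per_site_block(rule_ids):
    """The block from the post, to paste into the site's Apache Directives."""
    lines = ["<IfModule mod_security2.c>"]
    lines += ["    SecRuleRemoveById %s" % rid for rid in rule_ids]
    lines.append("</IfModule>")
    return "\n".join(lines)


def scoped_block(uri_prefix, rule_ids, first_rule_id=100000):
    """Narrower alternative (assumes ModSecurity 2.x ctl:ruleRemoveById): the rule is
    removed only for requests under uri_prefix. Each SecRule needs its own unique id."""
    lines = ["<IfModule mod_security2.c>"]
    for n, rid in enumerate(rule_ids):
        lines.append('    SecRule REQUEST_URI "@beginsWith %s" '
                     '"phase:1,nolog,pass,id:%d,ctl:ruleRemoveById=%s"'
                     % (uri_prefix, first_rule_id + n, rid))
    lines.append("</IfModule>")
    return "\n".join(lines)


if __name__ == "__main__":
    events = parse_modsec_log(SAMPLE_LOG)
    for host, counts in sorted(hits_by_host(events).items()):
        print(host, dict(counts))
    # 950001 fired on /wp-admin/post.php (editor use) and on /?id=1 (unrelated client):
    print(uris_for_rule(events, "blog.example.test", "950001"))
    print(per_site_block(["960015"]))
    print(scoped_block("/wp-admin/", ["950001"]))
```

Run it against a copy of the real error log instead of `SAMPLE_LOG` to get the per-host table. In the sample, 950001 fires both on the WordPress editor path and on a request to `/?id=1` from a different client, which is why the scoped block keeps the rule active everywhere except `/wp-admin/` rather than removing it for the whole site.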