Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 24th July 2012, 13:36
MaddinXx MaddinXx is offline
Senior Member
 
Join Date: Jul 2011
Location: Switzerland
Posts: 191
Thanks: 24
Thanked 58 Times in 42 Posts
Exclamation [Collection] mod_security Whitelists

Hello everyone

Some of you might have mod_security installed on their server, so do I.

Since the rules are sometimes very strict, you often have to disable rules for specific applications.

I thought that it might be a good idea to create a little collection of what rules you have to disable for what application.

General
I assume you have mod_security installed like described here: http://www.faqforge.com/linux/apache...n-6-0-squeeze/

How to whitelist?
You should choose one of these methods:
  • server-wide deactivation
    Code:
    nano /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf
  • per-site deactivation
    In ISPConfig -> Sites -> domain.tld -> Options -> Apache Directives
    Code:
    <ifModule mod_security2.c>
        (paste the rules here)
    </ifModule>

Applications
Here are the per-application specific rules you should disable if you encounter problems running them.

IP based access
Reason
Accessing a website by it's IP isn't allowed

Rules
SecRuleRemoveById 960017

Usage
You should place this rule within the global whitelist

------------------------------------------------

ionizeCMS
Reason
the built-in flash uploader doesn't work

Rules
SecRuleRemoveById 960015

Usage
You should place them per-site

------------------------------------------------

WebDAV
Reason
You'll get an 405 - Method not allowed when connecting with a WebDAV client

Rules
SecRuleRemoveById 960015
SecRuleRemoveById 960032

Usage
You should place them per-site or within the custom vhost (WebDAV block)

------------------------------------------------

Wordpress
Reason
pasting iFrames within the editor gets blocked as well as selecting images

Rules
SecRuleRemoveById 950001
SecRuleRemoveById 950004

Usage
You should place them per-site

Summary
If you have rulesets by yourself, we would appreciate it if you would share them too

Regards,
MaddinXx
__________________
Rackster Internet Services's presences:
Official | Open Source | Github | Facebook | Twitter
Reply With Quote
The Following 3 Users Say Thank You to MaddinXx For This Useful Post:
falko (25th July 2012), sageman (8th March 2013), till (8th November 2013)
Sponsored Links
 

Bookmarks

Tags
mod_security, rules, security, whitelist

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 11:01.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.