I installed a script (Piwik analytics) on my other server that does not have ASL installed but it does have the free gotroot delayed ruleset. I spent the last 2 hours trying to disable two rules for just one location on a single domain and it just will not work. The only thing that did work was simply disabling the two rules for the whole server by adding the following code to 999_asl_user_exclude.conf:
<LocationMatch .*>
<IfModule mod_security2.c>
SecRuleRemoveById 340162
SecRuleRemoveById 340163
</IfModule>
</LocationMatch>
Replacing .* with the complete URL (with and without http), with the Linux filesystem path, adding the code to the httpd.conf, etc... it just does not work. As these are two quite dangerous rules (remote file injection) to disable globally, I would prefer to only disable them for just this one location. The server has virtualmin/webmin installed, so I have complete freedom over all config files.
Note, I wish I could use ASL on there as well like on my other server, but I only have 2 VPS-es, so buying the minimum amount of 5 licenses is a bit steep for the free services I offer.
How to disable two rules using the free ruleset?
Re: How to disable two rules using the free ruleset?
Put that section in the domain's vhost and it should only apply to that vhost.
You cannot specify full URLs or file system paths in a Location or LocationMatch statement. Only the URL path is matched by Location/LocationMatch (for http://www.example.com/dir/file.php this is /dir/file.php); if you want to match on file system path you'll need to use a Directory/DirectoryMatch statement.
See the Apache documentation for more details on those configuration statements.
Lemonbit Internet Dedicated Server Management
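The scoping described in the reply above, as an added example that is not part of the original thread: the two rule IDs from the question are removed for one URL path inside one virtual host, so they stay active everywhere else on the server. The ServerName, DocumentRoot and the /piwik/ path are assumed placeholders.

```apache
# Added example. ServerName, DocumentRoot and /piwik/ are assumed
# placeholders; the rule IDs are the two from the question.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /home/example/public_html

    <IfModule mod_security2.c>
        # Location matches the URL path only: no scheme, no host name,
        # no file system path. For http://www.example.com/piwik/index.php
        # the value compared is /piwik/index.php.
        <Location /piwik/>
            SecRuleRemoveById 340162
            SecRuleRemoveById 340163
        </Location>

        # Alternative keyed on the on-disk path instead of the URL path:
        # <Directory /home/example/public_html/piwik>
        #     SecRuleRemoveById 340162
        #     SecRuleRemoveById 340163
        # </Directory>
    </IfModule>
</VirtualHost>

# ModSecurity only honours SecRuleRemoveById for rules that are already
# loaded when the directive is read, so this vhost must be parsed after
# the Include line that pulls in the ruleset.
```

With this in place the server-wide `<LocationMatch .*>` block in 999_asl_user_exclude.conf can be deleted; check the syntax with `apachectl configtest` before reloading Apache.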