logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: How to turn off specific rules in mod security
Author
n2apachelounge



Joined: 19 May 2007
Posts: 1

PostPosted: Tue 22 May '07 22:35    Post subject: How to turn off specific rules in mod security Reply with quote

I have an Apache Lounge version of apache 2.2 with mod security 2.1.1
on a Windows XP PC. I am running a C++ cgi application that uses url
encoding. I am using the core rules that came with mod security. Since I
am using url encoding I am getting a Bad Response error. In the error log
I have:
[Tue May 22 12:51:04 2007] [error] [client 127.0.0.1] ModSecurity: Access denied with code 400 (phase 2).
Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:INPUT1. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"]
[severity "WARNING"] [hostname "localhost"] [uri "/cgi-bin/ttgxxx.exe/SearchIt?DBNAME=200703xxxxxx&NEWUSER=xxxx
&CODE=xxxx&DBALIAS=MAR%2B2007%2BB%2BOF%2BA%2BLOCKBOXES
&STARTSESSION=5%2F22%2F2007%2B12%3A50%3A51%2BPM
&R1=V1&INPUT1=%25&SUBMIT.x=23&SUBMIT.y=12&SUBMIT=SEARCH"] [unique_id "XrASOwpYJAQAAADQDDkAAAD5"]

I have tried overriding this rule as per the mod security help file. I
created a file named modsecurity_crs_15_customrules.conf and added the
following to try to override the rule.


SecRuleRemoveByID "960901"
SecRuleRemoveByID "950107"
SecRuleRemoveByMsg "URL Encoding Abuse Attack Attempt"

This seems to have no effect at all and I continue to get the Bad Response error.

Thanks for any assistance with this.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Wed 23 May '07 9:57    Post subject: Reply with quote

Maybe you can turn it of via .htaccess only in cgi-bin folder

Code:

# Turn off mod_security filtering.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
#SecFilterScanPOST Off


I think that is not an good option. You should ask the experts in the mailing list from mod_security
Back to top


Reply to topic   Topic: How to turn off specific rules in mod security View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules