Topic: How to turn off specific rules in mod security

[n2apachelounge]

I have an Apache Lounge version of apache 2.2 with mod security 2.1.1
on a Windows XP PC. I am running a C++ cgi application that uses url
encoding. I am using the core rules that came with mod security. Since I
am using url encoding I am getting a Bad Response error. In the error log
I have:
[Tue May 22 12:51:04 2007] [error] [client 127.0.0.1] ModSecurity: Access denied with code 400 (phase 2).
Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:INPUT1. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"]
[severity "WARNING"] [hostname "localhost"] [uri "/cgi-bin/ttgxxx.exe/SearchIt?DBNAME=200703xxxxxx&NEWUSER=xxxx
&CODE=xxxx&DBALIAS=MAR%2B2007%2BB%2BOF%2BA%2BLOCKBOXES
&STARTSESSION=5%2F22%2F2007%2B12%3A50%3A51%2BPM
&R1=V1&INPUT1=%25&SUBMIT.x=23&SUBMIT.y=12&SUBMIT=SEARCH"] [unique_id "XrASOwpYJAQAAADQDDkAAAD5"]

I have tried overriding this rule as per the mod security help file. I
created a file named modsecurity_crs_15_customrules.conf and added the
following to try to override the rule.


SecRuleRemoveByID "960901"
SecRuleRemoveByID "950107"
SecRuleRemoveByMsg "URL Encoding Abuse Attack Attempt"

This seems to have no effect at all and I continue to get the Bad Response error.

Thanks for any assistance with this.

[James Blond]

Maybe you can turn it of via .htaccess only in cgi-bin folder