.htaccess support was disable in Mod 2.x for security reasons.

 

--
Ryan C. Barnett
ModSecurity Community Manager

Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC

Author: Preventing Web Attacks with Apache

 

 


From: mod-security-users-bounces@lists.sourceforge.net [mailto:mod-security-users-bounces@lists.sourceforge.net] On Behalf Of Bunyamin DEMIR
Sent: Thursday, July 26, 2007 6:06 AM
To: Peter
Cc: mod-security-users@lists.sourceforge.net
Subject: Re: [mod-security-users] Disable mod-sec2 in .htaccess

 


Hi Peter,

You can use .htaccess with 2.x. You have different problem.

please you`d better sure that modsecurity is work fine.  Because when modsecurity works you can do it.

Can i see your httpd.conf   (with modsecurity)?


2007/7/26, Peter <peter@tux.hm>:

Can it be that .htaccess is no longer supported in 2.x?

Am Dienstag, den 24.07.2007, 04:00 -0700 schrieb Bunyamin DEMIR:
> Hi,
>
> So sorry :)
>
> Maybe, it is possible your AllowOverride settings dont allow
> for .htaccess.
>
>
>
>
> 2007/7/24, Bunyamin DEMIR <bunyamindemir@gmail.com>:
>         Hi Peter,
>
>         <Files dateiname.php>
>         SecFilterEngine Off
>         </Files>
>
>
>         SecRuleEngine is a modsecurity 2.x parameter. You can see
>         http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
>
>         If You use modsecurity 1.9 you will turn off modsecurity with
>         "SecFilterEngine"
>
>
>         Best Regards,
>         --
>         Bunyamin Demir
>         OWASP-Turkey Chair
>         http://www.webguvenligi.org
>
>
>         2007/7/24, Peter < peter@tux.hm>:
>                 Hi!
>                 I upgrade my mod-sec 1.9 to mod-sec 2.1.
>
>                 But now I am no longer able to disable mod-sec
>                 in .htaccess:
>                 /var/www/vhosts/host/httpdocs/.htaccess: SecRuleEngine
>                 not allowed here
>
>                 I wrote in my .htaccess:
>                 <Files dateiname.php>
>                 SecRuleEngine Off
>                 </Files>
>
>                 Does anybody have a idea why this cannot work?
>
>                 In mod-sec 1.9 I could disable mod-sec over .htaccess.
>
>                 Gruss,
>                 Peter
>                 --
>                 www: http://peter.tux.hm
>                 www: http://tux.hm - Linux- und BSD-UserGroup im
>                 Weserbergland
>                 www: http://ha-forum.org - HA Cluster Forums
>                 icq: 540954
>
>
>                 -------------------------------------------------------------------------
>                 This SF.net email is sponsored by: Splunk Inc.
>                 Still grepping through log files to find
>                 problems?  Stop.
>                 Now Search log events and configuration files using
>                 AJAX and a browser.
>                 Download your FREE copy of Splunk now
>                 >>  http://get.splunk.com/
>                 _______________________________________________
>                 mod-security-users mailing list
>                 mod-security-users@lists.sourceforge.net
>                 https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
>
>
>
>
> --
> Bunyamin Demir
> OWASP-Turkey Chair
> http://www.webguvenligi.org
--
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
www: http://ha-forum.org - HA Cluster Forums
icq: 540954




--
Bunyamin Demir
OWASP-Turkey Chair
http://www.webguvenligi.org