Re: [mod-security-users] Allow HTML in post
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Allow HTML in post
|
From: Christian V. <cv...@it...> - 2021-10-21 13:25:31
|
Yo have to add exceptions to avoid mod security block certain HTML POST data.
Look in the error log of apache or audit log of mod-security, then look for the errors that are blocking the HTML POST, and search the id of the rule, then in the apache config (the one where you CMS is configured), you can add the exception like this:
If you want to disable specific rule in a specific path:
<LocationMatch "/user/login">
SecRuleRemoveById 981319
</LocationMatch>
If you want to disable specific rule globally:
SecRuleRemoveById 981173
If you want to disable mod security in a specific path:
<Location /some_path/anotherpath>
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
</Location>
Cheers.
Chris.
> El 21-10-2021, a las 09:02, Reindl Harald <h.r...@th...> escribió:
>
>
>
> Am 21.10.21 um 11:30 schrieb Filip Bartmann:
>> I'm new to mod_security and I have own CMS. I want in admin to edit HTML content. How can I enable to POST HTML tags? I Use mod_security v2 with Apache
>
> <IfModule mod_security2.c>
> <LocationMatch "(.*)\/editor\/plugins\/preview\.php$">
> SecRequestBodyAccess Off
> </LocationMatch>
> </IfModule>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
|
