Re: [mod-security-users] Disable mod-sec2 in .htaccess
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-07-26 13:56:57
|
.htaccess support was disable in Mod 2.x for security reasons. =20 --=20 Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache =20 =20 ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of Bunyamin DEMIR Sent: Thursday, July 26, 2007 6:06 AM To: Peter Cc: mod...@li... Subject: Re: [mod-security-users] Disable mod-sec2 in .htaccess =20 Hi Peter, You can use .htaccess with 2.x. You have different problem. please you`d better sure that modsecurity is work fine. Because when modsecurity works you can do it.=20 Can i see your httpd.conf (with modsecurity)? 2007/7/26, Peter <pe...@tu...>: Can it be that .htaccess is no longer supported in 2.x? Am Dienstag, den 24.07.2007, 04:00 -0700 schrieb Bunyamin DEMIR: > Hi, > > So sorry :) > > Maybe, it is possible your AllowOverride settings dont allow=20 > for .htaccess. > > > > > 2007/7/24, Bunyamin DEMIR <bun...@gm...>: > Hi Peter, > > <Files dateiname.php> > SecFilterEngine Off > </Files> > > > SecRuleEngine is a modsecurity 2.x parameter. You can see > http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pd f > > If You use modsecurity 1.9 you will turn off modsecurity with > "SecFilterEngine" > >=20 > Best Regards, > -- > Bunyamin Demir > OWASP-Turkey Chair > http://www.webguvenligi.org > > > 2007/7/24, Peter < pe...@tu...>: > Hi! > I upgrade my mod-sec 1.9 to mod-sec 2.1. > > But now I am no longer able to disable mod-sec=20 > in .htaccess: > /var/www/vhosts/host/httpdocs/.htaccess: SecRuleEngine > not allowed here > > I wrote in my .htaccess: > <Files dateiname.php> > SecRuleEngine Off > </Files> > > Does anybody have a idea why this cannot work? > > In mod-sec 1.9 I could disable mod-sec over .htaccess. > > Gruss, > Peter > -- > www: http://peter.tux.hm=20 > www: http://tux.hm - Linux- und BSD-UserGroup im > Weserbergland > www: http://ha-forum.org - HA Cluster Forums > icq: 540954 > > > ------------------------------------------------------------------------ - > This SF.net email is sponsored by: Splunk Inc.=20 > Still grepping through log files to find > problems? Stop. > Now Search log events and configuration files using > AJAX and a browser.=20 > Download your FREE copy of Splunk now > >> http://get.splunk.com/ > _______________________________________________=20 > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > > -- > Bunyamin Demir > OWASP-Turkey Chair > http://www.webguvenligi.org=20 -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland www: http://ha-forum.org - HA Cluster Forums icq: 540954 --=20 Bunyamin Demir OWASP-Turkey Chair http://www.webguvenligi.org=20 |