Re: [mod-security-users] Disable mod-sec2 in .htaccess
Brought to you by:
victorhora,
zimmerletw
From: Peter <pe...@tu...> - 2007-07-26 15:12:50
|
*super* Am Donnerstag, den 26.07.2007, 09:55 -0400 schrieb Ryan Barnett: > .htaccess support was disable in Mod 2.x for security reasons. > > > > -- > Ryan C. Barnett > ModSecurity Community Manager > > Breach Security: Director of Application Security Training > Web Application Security Consortium (WASC) Member > CIS Apache Benchmark Project Lead > SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC > > Author: Preventing Web Attacks with Apache > > > > > > > > ______________________________________________________________________ > From:mod...@li... > [mailto:mod...@li...] On Behalf Of > Bunyamin DEMIR > Sent: Thursday, July 26, 2007 6:06 AM > To: Peter > Cc: mod...@li... > Subject: Re: [mod-security-users] Disable mod-sec2 in .htaccess > > > > > > Hi Peter, > > You can use .htaccess with 2.x. You have different problem. > > please you`d better sure that modsecurity is work fine. Because when > modsecurity works you can do it. > > Can i see your httpd.conf (with modsecurity)? > > > > > 2007/7/26, Peter <pe...@tu...>: > > Can it be that .htaccess is no longer supported in 2.x? > > Am Dienstag, den 24.07.2007, 04:00 -0700 schrieb Bunyamin DEMIR: > > Hi, > > > > So sorry :) > > > > Maybe, it is possible your AllowOverride settings dont allow > > for .htaccess. > > > > > > > > > > 2007/7/24, Bunyamin DEMIR <bun...@gm...>: > > Hi Peter, > > > > <Files dateiname.php> > > SecFilterEngine Off > > </Files> > > > > > > SecRuleEngine is a modsecurity 2.x parameter. You can see > > > http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf > > > > If You use modsecurity 1.9 you will turn off modsecurity > with > > "SecFilterEngine" > > > > > > Best Regards, > > -- > > Bunyamin Demir > > OWASP-Turkey Chair > > http://www.webguvenligi.org > > > > > > 2007/7/24, Peter < pe...@tu...>: > > Hi! > > I upgrade my mod-sec 1.9 to mod-sec 2.1. > > > > But now I am no longer able to disable mod-sec > > in .htaccess: > > /var/www/vhosts/host/httpdocs/.htaccess: > SecRuleEngine > > not allowed here > > > > I wrote in my .htaccess: > > <Files dateiname.php> > > SecRuleEngine Off > > </Files> > > > > Does anybody have a idea why this cannot work? > > > > In mod-sec 1.9 I could disable mod-sec > over .htaccess. > > > > Gruss, > > Peter > > -- > > www: http://peter.tux.hm > > www: http://tux.hm - Linux- und BSD-UserGroup im > > Weserbergland > > www: http://ha-forum.org - HA Cluster Forums > > icq: 540954 > > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Splunk Inc. > > Still grepping through log files to find > > problems? Stop. > > Now Search log events and configuration files using > > AJAX and a browser. > > Download your FREE copy of Splunk now > > >> http://get.splunk.com/ > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > > > > > > > > -- > > Bunyamin Demir > > OWASP-Turkey Chair > > http://www.webguvenligi.org > -- > www: http://peter.tux.hm > www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland > www: http://ha-forum.org - HA Cluster Forums > icq: 540954 > > > > > > -- > Bunyamin Demir > OWASP-Turkey Chair > http://www.webguvenligi.org > > -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland www: http://ha-forum.org - HA Cluster Forums icq: 540954 |