mod-security-users

[mod-security-users] mod_security and mod_rewrite incompatability

[Mark P. <m_p...@ya...>]

Hi,

I can't seem to resolve what appears to be an
incompatability between these two popular modules:
mod_security and mod_rewrite. 

I'm running a patched apache 2.0.52 with the latest
stable mod_security and the bundled mod_rewrite.

To effectively disable mod_security I only need to
enable mod_rewrite with:

       <Location "/">
               RewriteEngine On
       </Location>

I first noticed that mod_security would be disabled
when running the nikto scanner against the httpd
daemon (with and without the RewriteEngine On). 

Has anyone else come across this problem? 

thanks

Mark



		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250

Re: [mod-security-users] mod_security and mod_rewrite incompatability

[Ivan R. <iv...@we...>]

Mark Precious wrote:
> Hi,
> 
> I can't seem to resolve what appears to be an
> incompatability between these two popular modules:
> mod_security and mod_rewrite. 
> 
> I'm running a patched apache 2.0.52 with the latest
> stable mod_security and the bundled mod_rewrite.
> 
> To effectively disable mod_security I only need to
> enable mod_rewrite with:
> 
>        <Location "/">
>                RewriteEngine On
>        </Location>
> 
> I first noticed that mod_security would be disabled
> when running the nikto scanner against the httpd
> daemon (with and without the RewriteEngine On). 
> 
> Has anyone else come across this problem?

   Not here. It works fine for me with this simple configuration:

   SecFilterEngine On
   SecFilter 111
   <Location "/">
       RewriteEngine On
   </Location>

   Maybe we need to see your full configuration. You mentioned
   your Apache was patched?

-- 
Ivan Ristic (http://www.modsecurity.org)