mod-security-users

[mod-security-users] whitelisting directories

[Ronnie A. <ron...@gm...>]

Hi,
I'm on version 2.x (how do I find out!?). I'm trying to do one of the
following:

* turn modsecurity off for a directory.
* turn modsecurity off for a directory and it's subdirectories
* keep modsecurity on, but disable some rules for certain directories

Any help would be greatly appreciated,

Thanks
Ronnie

Re: [mod-security-users] whitelisting directories

[Williams, D. A. <dav...@US...>]

Here are some examples which work for my; YMMV:

I have an issue with Multiviews and body parsing, so I turn it off for
the directory (and be default those below) where I use multiviews:

<Directory "..."> 

<IfModule security2_module>

SecResponseBodyAccess Off 

</IfModule>

...

 

For my local subversion host, I turn off these specific rules which
subversion access triggers:

< VirtualHost....>

<IfModule mod_security2.c>

SecRuleRemoveById 960010

SecRuleRemoveById 960015

SecRuleRemoveById 960032

SecRuleRemoveById 960904

SecRuleRemoveByID 960035

SecRuleRemoveByID 950005

SecRuleRemoveByID 959005

SecResponseBodyLimitAction ProcessPartial

</IfModule>

....

 

I don't have an example of making a change in one directory that does
not impact it's subdirectories - I think you'd have to effectively undo
the change for each subdirectory (and I'm not sure there is a
"SecRuleAddById" function in modsec.  You'd probably have to do some
ugly configuration to do that, but perhaps someone else has ideas...

-David

 

________________________________

From: Ronnie Adamowicz [mailto:ron...@gm...] 
Sent: Wednesday, May 06, 2009 8:21 AM
To: mod...@li...
Subject: [mod-security-users] whitelisting directories

 

Hi,

 

I'm on version 2.x (how do I find out!?). I'm trying to do one of the
following:

 

* turn modsecurity off for a directory.

* turn modsecurity off for a directory and it's subdirectories

* keep modsecurity on, but disable some rules for certain directories

 

Any help would be greatly appreciated,

 

Thanks

Ronnie