apache / mod_security: fixing false positives
I am using Apache with mod_security and I got the following error today when I was trying to edit my wiki:
Quote:
I looked through the mod_security rules and found that this was the culprit: Quote:
Does anyone know how to turn this specific rule off just for the mediawiki portion of my site? That is, I want this rule to apply to every other portion of the site (where there will be no POST requests), except for on the wiki part. |
Something like this:
Code:
<LocationMatch "/mediawiki/index.php.*"> |
Sorry I took so long to respond. I recently just moved into a new home, and have been dealing with all of that.
Thank you very much for your response. I was reading some other documents and they said to create a separate rules file in the mod_security rules folder called 15_custom_rules.conf. Is this correct? Should I put what you suggested into that file, or into one of the already existing files? Thanks, jrtayloriv |
I am using mod_security 2.1.2 with modsecurity-core-rules_2.1-1.5.1.tar.gz.
I create a modsecurity_crs_99_custom_rules.conf file with this content: Code:
<LocationMatch "/mediawiki/index.php.*"> |
All times are GMT -5. The time now is 08:06 AM. |