I have a site hosted on a shared server with a web hosting company I work at. It's a CPanel/WHM-managed server with Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5
I need mod_security to be disabled just for my domain names, because I have a page named "about" and this always turns up a 406 Not Accepted error page, because the word "about" trips mod_security's rules.
I did some Google searches on how to do this and found the following things that could be added to .htaccess:
This gets a 500 Internal Error with:
I found this one that's allegedly for modsec2:
That gets
The only way I could find to disable it for my domain is to manually edit the whitelist file at /usr/local/apache/conf/modsec2/whitelist.conf. It seems like there should be a better way to do it.
-------------
Cuvou.com | My personal homepage
Project Fearless | My web blog
I need mod_security to be disabled just for my domain names, because I have a page named "about" and this always turns up a 406 Not Accepted error page, because the word "about" trips mod_security's rules.
I did some Google searches on how to do this and found the following things that could be added to .htaccess:
Code:
SecFilterEngine Off
SecFilterScanPOST Off
This gets a 500 Internal Error with:
Code:
[Wed Feb 20 08:11:06 2008] [alert] [client 69.16.222.179] /home/cuvou/public_html/.htaccess: Invalid command 'SecFilterEngine', perhaps misspelled or defined by a module not included in the server configuration
I found this one that's allegedly for modsec2:
Code:
SecRuleEngine Off
That gets
Code:
[Wed Feb 20 08:13:15 2008] [alert] [client 69.16.222.179] /home/cuvou/public_html/.htaccess: SecRuleEngine not allowed here
The only way I could find to disable it for my domain is to manually edit the whitelist file at /usr/local/apache/conf/modsec2/whitelist.conf. It seems like there should be a better way to do it.
-------------
Cuvou.com | My personal homepage
Project Fearless | My web blog