Dynamo

2 replies to this thread. Most Recent

Todd

17 Oct 2015, 11:04 pm

mod_security

I recently discovered some issues with saving certain types of resources in a CMS, the cause of which I’ve narrowed down to 3 specific mod_security rules. The host’s cPanel allows for disabling mod_security site-wide but that’s heavy-handed, and they don’t allow modifying the Apache httpd.conf file nor will they disable the offending rules on a shared server. I need a surgical solution that allows me to disable mod_security for a single directory.

Not sure if it will work on this server but I though I’d try using .htaccess but the demos I’ve found haven’t worked yet. Anyone know of an example for doing this?

Todd https://creativ.space https://xiiro.com

waltd

18 Oct 2015, 12:58 pm

I am pretty sure that mod_security can only be configured using am Apache config file, and if your host won’t let you do that, you’re pretty well out of luck.

Walter

On Oct 17, 2015, at 7:02 PM, Todd <[email protected]> wrote:

I recently discovered some issues with saving certain types of resources in a CMS, the cause of which I’ve narrowed down to 3 specific mod_security rules. The host’s cPanel allows for disabling mod_security site-wide but that’s heavy-handed, and they don’t allow modifying the Apache httpd.conf file nor will they disable the offending rules on a shared server. I need a surgical solution that allows me to disable mod_security for a single directory.

Not sure if it will work on this server but I though I’d try using .htaccess but the demos I’ve found haven’t worked yet. Anyone know of an example for doing this?

Todd https://creativ.space https://xiiro.com

Freeway user since 1997

http://www.walterdavisstudio.com

Back to Top

Todd

18 Oct 2015, 7:11 pm

Well, the host is who recommended trying htaccess, though they were vague as to whether it would actually work. Odd.

There are certainly plenty of online examples for doing this sort of thing with htaccess and Apache, but as I said none of it has worked for me which might support your conclusion.

Todd https://creativ.space https://xiiro.com

I am pretty sure that mod_security can only be configured using am Apache config file, and if your host won’t let you do that, you’re pretty well out of luck.