Disabling mod security for apache

From Notes_Wiki
Revision as of 04:19, 7 November 2012 by Saurabh

Disabling mod_security for apache

You may come across an Apache configuration where POST requests containing a path such as /etc/shadow or /bin/ping get blocked. To work around this, use:

mv /etc/httpd/conf.d/mod_security.conf /etc/httpd/conf.d/mod_security.conf2
service httpd reload

This renames the mod_security configuration file so that it is no longer applied.

This is a very bad idea. mod_security is designed to protect against attacks such as buffer overflows and code injection, and disabling it as shown above greatly increases the attack surface. A much better approach is to understand the Apache mod_security configuration and configure it appropriately.
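One way to configure it appropriately is a scoped exception, shown here as an added example that is not part of the original page. It assumes ModSecurity 2.x; the file name, the URL /admin/pathtool and the RULE_ID_FROM_AUDIT_LOG placeholder are hypothetical and must be replaced with values from your own setup.

```apache
# /etc/httpd/conf.d/zz_modsec_exceptions.conf
# Hypothetical file name. It sorts after mod_security.conf, so the rules
# it refers to are already loaded when Apache reads it.
#
# First put the original file back (the reverse of the rename above):
#   mv /etc/httpd/conf.d/mod_security.conf2 /etc/httpd/conf.d/mod_security.conf

<IfModule mod_security2.c>

    # Too broad: this turns inspection off for the whole server and has
    # the same effect as renaming mod_security.conf.
    # SecRuleEngine Off

    # Narrow: lift a single rule for the single endpoint that
    # legitimately receives file paths in POST data.
    # "/admin/pathtool" is a hypothetical URL.
    <LocationMatch "^/admin/pathtool$">
        # RULE_ID_FROM_AUDIT_LOG is a placeholder. Replace it with the
        # numeric id that the ModSecurity audit log reports for the
        # blocked request (the [id "..."] field of the log entry).
        SecRuleRemoveById RULE_ID_FROM_AUDIT_LOG
    </LocationMatch>

    # While working out which rule fires, the engine can be switched to
    # log-only mode for that one location instead of being disabled:
    # <LocationMatch "^/admin/pathtool$">
    #     SecRuleEngine DetectionOnly
    # </LocationMatch>

</IfModule>
```

Run apachectl configtest before service httpd reload so that a typo in the exception file does not take the server down.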