mod_security2 sigh

Good Concept Just be prepared…

Login

Blog History

Good Concept Just be prepared for head scratching

I had a post with this as the URL /it-tips/getting-screenshots-working-the-way-i-like-in-lxde couldn't access with mod_security running.

The reason it didn't like the word "like" in the Permalink tag.

So I've changed it to /it-tips/getting-screenshots-working-the-way-i-prefer-in-lxde and now it's happy.

Seems to me that mod_security is a very good product because it stops so much bad gunk getting through but you have a burden of maintenance and false positives.

I will have to buy a mod_security book and learn the rule syntax so I can work around or whitelist URL's without turning off the rules by adding "SecRuleRemoveById" to a httpd conf file followed by the offending rules e.g.

SecRuleRemoveById 123456 789101 121314

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.