|
|
mod_security functionality bypass through .htaccess issue.: msg#00093apache.mod-security.user
Hello, I accidently found that it could be available to de-activate mod_security in a certain directory by using a .htaccess like that... ## START ## <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> ## END ## I believe it's something related to the "AllowOverride" directive from apache but im not exactly sure, the available arguments for this directive are "AuthConfig, FileInfo, Indexes, Limit, Options", I've tried hardly to find a way to not to disable the usage of .htaccess files and keep it's functionality but also to prevent it from being able to modify through it the functionality of mod_security. I'm sure you could help in this issue as it's a big pain for any server running apache in a shared vhosting environment. -- Thanks in Advance Ahmed Medhat ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV_______________________________________________ mod-security-users mailing list mod-security-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/mod-security-users |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: How to remove rule on file in phase1?: 00093, Ivan Ristic |
|---|---|
| Next by Date: | Cant install mod sec2, plus post payload filterng for scripts: 00093, Dan Rossi |
| Previous by Thread: | How to remove rule on file in phase1?i: 00093, pedro |
| Next by Thread: | Re: mod_security functionality bypass through .htaccess issue.: 00093, Ivan Ristic |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |