Bypassing mod_security2 + apache2

Normally, you can easily bypass mod_security2 + Apache 1.3.x by adding this code to your .htaccess file:

<ifModule mod_security.c>
SecFilterEngine off
</ifModule>

But in Apache2, you can’t use that code to bypass mod_security2 rules, for 2 reasons:

  • You have to use SecRuleEngine instead of SecFilterEngine. Why? Because SecFilterEngine doesn’t exist in mod_security2 with Apache2 :D
  • If you use SecRuleEngine Off in your .htaccess, you’ll get an HTTP 500 error.

So use this code directly in your httpd.conf:

<ifModule mod_security2.c>
SecRuleEngine off
</ifModule>

[Worrying Start]
The code won’t last long, since httpd.conf will be auto-generated on a cPanel server (a server that is running cPanel?). I guess I should add a new line in the cPanel template’s vhost.default per vhost.servername. Hmm…
** just reading it is hard for me, let alone writing in it ** :(
[/Worrying Stop]
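
To review where the engine has been switched off, for instance after a control panel regenerates httpd.conf, the following added example (not part of the original post) walks a config and reports every SecRuleEngine or SecFilterEngine set to Off together with its enclosing sections. The function name, the sample config and the hostnames in it are constructed for illustration.

```python
import re

# Engine switches: SecFilterEngine (mod_security 1.x), SecRuleEngine (mod_security2)
ENGINE = re.compile(r'^\s*(SecFilterEngine|SecRuleEngine)\s+"?(\w+)"?', re.I)
OPEN = re.compile(r'^\s*<\s*([A-Za-z]+)\s*([^>]*)>')
CLOSE = re.compile(r'^\s*</\s*[A-Za-z]+\s*>')

# Constructed sample config (hypothetical vhosts), not taken from a real server
SAMPLE = """\
<IfModule mod_security2.c>
SecRuleEngine On
</IfModule>
<VirtualHost *:80>
ServerName shop.example.test
<ifModule mod_security2.c>
SecRuleEngine off
</ifModule>
</VirtualHost>
<VirtualHost *:80>
ServerName blog.example.test
# SecRuleEngine Off
SecFilterEngine Off
</VirtualHost>
"""

def find_engine_off(text, source="httpd.conf"):
    """Return (source, line_no, directive, enclosing_sections) per 'Off' switch."""
    findings, stack, pending = [], [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.rstrip().endswith("\\"):        # Apache line continuation
            pending += raw.rstrip()[:-1] + " "
            continue
        line, pending = pending + raw, ""
        if line.lstrip().startswith("#"):      # commented-out directives do not count
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append(f"{m.group(1)} {m.group(2).strip()}".strip())
        elif (m := ENGINE.match(line)) and m.group(2).lower() == "off":
            findings.append((source, no, m.group(1), tuple(stack)))
    return findings

if __name__ == "__main__":
    for finding in find_engine_off(SAMPLE):
        print(finding)
```
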

2 Responses to “Bypassing mod_security2 + apache2”

  1. kumandigital Says:

    what is that???hu…h…???

    *eyes wide with confusion. then rolling around because the more I read, the more confused I get*

  2. starboard Says:

    what are you talking about?
