Disable modsec2 blacklist rule for specific hostname

Posted by KevinL on Server Fault See other posts from Server Fault or by KevinL
Published on 2012-10-26T21:23:38Z Indexed on 2012/10/26 23:04 UTC
Read the original article Hit count: 190

Filed under:

mod-security

|

modsecurity

I have a server running Apache2 with mod_security2. In modsec2.user.conf, there is a blacklist rule:

###BLACKLIST###
SecRule REQUEST_URI "mkdir"

I need to disable that rule for just one hostname on the server. I realize I could just remove it entirely but I'd rather keep it on for the other sites.

I realize you can use the SecRuleRemoveByID directive, based on each rule's ID, but as you can see above, this has no ID, it's just a string.

How do I disable that rule for just www.example.com, is there something I can do in custom.conf, whitelist.conf or exclude.conf ?

© Server Fault or respective owner

Related posts about mod-security

ModSecurity compile error on nginx

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the following error : Checking plataform... Identified… >>> More
modsecurity apache mod-security.conf missing

as seen on Server Fault - Search for 'Server Fault'
Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and modevasive on an internet-exposed production/test… >>> More
How to detect brute force in mod-security

as seen on Server Fault - Search for 'Server Fault'
I checked the core rules set in the mod-security but it's didn't contain the rules related to Brute-Force Attack!!! Did anyone know how to write the rules or the existing rules for this kind of Attack! Thanks in advanced, >>> More
Necesity of ModSecurity if Apache is behind Nginx

as seen on Server Fault - Search for 'Server Fault'
I have my Apache installed behind Nginx. So every request that comes in is first handeled by Nginx. If there is dynamic content needed the request is send to Apache which listens on port 8080. Pretty basic reverse proxy setup. Now with this setup the first entry point is Nginx. Is it still needed… >>> More
Detecting Request that uses invalid Encoding using Modsecurity

as seen on Server Fault - Search for 'Server Fault'
I am trying write a virtual patch using modsecurity for my hosted web application using following rule i.e. <Location /index.php> SecDefaultAction phase:2,t:none,log,deny # Validate parameter names SecRule ARGS_NAMES "!^(articleid)$" \ "msg:'Unknown parameter: %{MATCHED_VAR_NAME}'" # Expecting… >>> More

Related posts about modsecurity

ModSecurity compile error on nginx

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the following error : Checking plataform... Identified… >>> More
Why Is ModSecurity Unable to Access the Data Directory?

as seen on Server Fault - Search for 'Server Fault'
Update I think we've solved this; the problem appears to have been a result of the /modsec_storage directory having an incorrect value for its SELinux context type. However, we're still not sure, because although after I changed the SELinux context type value, Apache was able to create files in that… >>> More
Does ModSecurity 2.7.1 work with ASP.NET MVC 3?

as seen on Server Fault - Search for 'Server Fault'
I'm trying to get ModSecurity 2.7.1 to work with an ASP.NET MVC 3 website. The installation ran without errors and looking at the event log, ModSecurity is starting up successfully. I am using the modsecurity.conf-recommended file to set the basic rules. The problem I'm having is that whenever I… >>> More
Necesity of ModSecurity if Apache is behind Nginx

as seen on Server Fault - Search for 'Server Fault'
I have my Apache installed behind Nginx. So every request that comes in is first handeled by Nginx. If there is dynamic content needed the request is send to Apache which listens on port 8080. Pretty basic reverse proxy setup. Now with this setup the first entry point is Nginx. Is it still needed… >>> More
modsecurity apache mod-security.conf missing

as seen on Server Fault - Search for 'Server Fault'
Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and modevasive on an internet-exposed production/test… >>> More