ModSecurity It's O Firewall application, open source, which offers protection web pages hosted on the server. Basically, modsecurity (mod_security) monitors and CONSIDER In real time traffic HTTP and offers protection for a series of attacks that could appear on the web pages.
Modsecurity can be installed and can be found on a web server May the module of Apache Web Server (mod_security) or as an independent application.
Even if it is provided to protect web applications, Modsecurity can also create a number of problems. The most common problem of mod_security is to prohibit access on certain web pages of users or robots of indexing (gen Googlebot). Can generate fall false positives gen: HTTP 403 (Forbidden sau Access Denied), HTTP 412 (Precondition Failed), HTTP 406 (Not Acceptable) or even errors on sessions of logging / authentication web.
Modsecurity is a good Firewall for web applications, but it must be manually configured according to the needs and specificity of the web site or the blog that it protects. If you use mod_security on a server with Apache and you do not want to complicate in config, then you can Disable Modsecurity For a particular site with file aid .htaccess Put in the root (in the root) web site. You will need to add in .htaccess the following lines:
SecFilterEngine Off
SecFilterScanPOST OffThese lines in the root of a web site will disable the modsecurity module (mod_security) for the entire domain.
Uninstall or delete the modsecurity module (mod_security) from Apache.
Usually mod_security is found in the folder of config of Apache. On most web server it is located in /usr/local/apache/config.
Before moving on to the manual deletion of the application files (in our case it is the files that start with “modsec2.”), we will have to remove the lines below from httpd.conf.
LoadModule security_module modules/mod_security.so
Include "/usr/local/apache/conf/modsec2.conf"After saving the changes made in httpd.conf, restartati Apache Web Server.
/etc/init.d/httpd restartNow you can delete the files that start with “modsec2.” din /usr/local/apache/config.
For servers that have installed WebHost Manager (WHM) The disinstallation procedure of modsecurity is even simpler. Go to CPanel/Whm to Addon Modules and Click Uninstall on the mod_security module.
STEALTH SETTINGS – UNINSTALL & REMOVE ModSecurity (mod_security).
