Difference between revisions of "Disabling mod security for apache"
(Created page with "=Disabling mod_security for apache= It is possible to come across apache configuration where POST requests containing path like /etc/shadow or /bin/ping get blocked. To solve...") |
m |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Apache web server configuration]] > [[Disabling mod_security for apache]] | |||
It is possible to come across apache configuration where POST requests containing path like /etc/shadow or /bin/ping get blocked. To solve this problem use | It is possible to come across apache configuration where POST requests containing path like /etc/shadow or /bin/ping get blocked. To solve this problem use | ||
Line 10: | Line 10: | ||
''This is very bad idea. mod_security is designed to protect against buffer overflow, code injection, etc. attacks and disabling it like mentioned above increases surface area of attack to very large extent. Way better approach is to actually understand apache mod_security configuration and configure it appropriately.'' | ''This is very bad idea. mod_security is designed to protect against buffer overflow, code injection, etc. attacks and disabling it like mentioned above increases surface area of attack to very large extent. Way better approach is to actually understand apache mod_security configuration and configure it appropriately.'' | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Apache web server configuration]] > [[Disabling mod_security for apache]] |
Latest revision as of 07:32, 6 March 2022
Home > CentOS > CentOS 6.x > Apache web server configuration > Disabling mod_security for apache
It is possible to come across apache configuration where POST requests containing path like /etc/shadow or /bin/ping get blocked. To solve this problem use
mv /etc/httpd/conf.d/mod_security.conf /etc/httpd/conf.d/mod_security.conf2 service httpd reload
This basically renamed mod_security configuration so that it is no longer applied.
This is very bad idea. mod_security is designed to protect against buffer overflow, code injection, etc. attacks and disabling it like mentioned above increases surface area of attack to very large extent. Way better approach is to actually understand apache mod_security configuration and configure it appropriately.
Home > CentOS > CentOS 6.x > Apache web server configuration > Disabling mod_security for apache