If you are receiving a modsec error in the apache error log;

[Wed Feb 10 02:02:32 2010] [error] [client] ModSecurity:
Access denied with code 500 (phase 2).
Pattern match "\\.php\\?.*loc=(http|https|ftp)\\:\\/" at REQUEST_URI.
[file "/usr/local/apache/conf/modsec2.user.conf"] [line "302"] [hostname "domain.com"] [uri "/folder/file.php"] [unique_id "S3JaCEPjyqQAAAOO2foAAAAY"]

and it does not give an ID number allowing you to whitelist the rule by ID as usual;

SecRuleRemoveById 300162 300163 300170

You can use the SecRuleRemoveByMsg instead to allow the addition of the rule to the whitelist

SecRuleRemoveByMsg "\.php\?.*loc=(http|https|ftp)\:\/"

Was this post helpful?