{"id":2065,"date":"2010-01-22T00:31:22","date_gmt":"2010-01-22T05:31:22","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=2065"},"modified":"2010-01-22T00:31:22","modified_gmt":"2010-01-22T05:31:22","slug":"disable-mod-security-for-a-specific-domain","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/","title":{"rendered":"Disable Mod Security for a specific file or domain"},"content":{"rendered":"<p>There are several ways to disable Mod Security for a specific domain, or location within a domains pages. More often then not, when you add a new domain after installing mod_security, you will see apache 500 errors when you try to post or a client tries to post a response in a forum. This can be tracked back to mod_security and can be verified using<br \/>\n<code><br \/>\ntac \/usr\/local\/apache\/logs\/error_log |grep 500 |less<br \/>\n<\/code><br \/>\nthis will output something like<br \/>\n<code><br \/>\n[Tue Jan 12 13:53:49 2010] [error] [client 123.116.100.144] ModSecurity: Access denied with code 500 (phase 2). Pattern match \"(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z<br \/>\n|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)\" at ARGS:comment. [file \"\/usr\/local\/apache\/conf\/modsec2.user.conf\"] [line \"355\"] [id \"300016\"] [rev \"2\"]<br \/>\n[msg \"Generic SQL injection protection\"] [severity \"CRITICAL\"] [hostname \"g33kinfo.com\"] [uri \"\/info\/wp-comments-post.php\"] [unique_id \"S0zFPUPh8qsAAD69EYQAAAAL\"]<\/p>\n<p>[Mon Jan 11 09:54:51 2010] [error] [client 74.208.147.13] ModSecurity: Access denied with code 500 (phase 2). Pattern match \"(chr|fwrite|fopen|system|echr|passthru|popen|proc_open|s<br \/>\nhell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\\\\(<br \/>\n.*\\\\)\\\\;\" at REQUEST_URI. [file \"\/usr\/local\/apache\/conf\/modsec2.user.conf\"] [line \"325\"] [id \"300008\"] [rev \"1\"] [msg \"Generic PHP exploit pattern denied\"] [severity \"CRITICAL\"] [ho<br \/>\nstname \"67.225.242.173\"] [uri \"\/pma\/config\/config.inc.php\"] [unique_id \"S0s7u0Ph8qsAAEbRiZwAAAAL\"]<br \/>\n<\/code><\/p>\n<p>The part of the error code you want to take notice of is the id &#8220;300008&#8221; or id &#8220;300016&#8221;. This defines the mod_security rule that is being broken (right before this id number will be the line number where the actual rule resides). Sometimes the silly thing will detect the specific words like &#8216;select&#8217; and &#8216;from&#8217; which mysql uses in certain queries and will block a post. <\/p>\n<p>The first way to specifically disable is to create a directory for that domain:<br \/>\n<code><br \/>\nmkdir -p \/usr\/local\/apache\/conf\/userdata\/std\/2\/USERNAME\/DOMAIN.TLD<\/code><br \/>\nThen create a mod_security conf file:<br \/>\n<code><br \/>\ntouch \/usr\/local\/apache\/conf\/userdata\/std\/2\/USERNAME\/DOMAIN.TLD\/mod_security.conf<\/code><br \/>\nUsing your favorite Linux Text editor such as pico or vi, add the following directive(s) in that file:<br \/>\n<code><br \/>\n<ifmodule mod_security2.c><br \/>\nSecRuleEngine Off<br \/>\n<\/ifmodule><\/code><br \/>\nSave the file and then run:<br \/>\n<code><br \/>\n\/scripts\/ensure_vhost_includes \u2013user=USERNAME<\/code><\/p>\n<p>The second way, which is actually much much better, is to add a specific location of a file that is causing the error to the modsec whitelist.<br \/>\n<code>vim \/usr\/local\/apache\/conf\/modsec2\/whitelist.conf<\/code><br \/>\nand add<br \/>\n<code><br \/>\n<locationmatch \/info\/wp-admin\/post.php><br \/>\nSecRuleRemoveById 300008 300015 300016 300017 330001<br \/>\n<\/locationmatch><\/p>\n<p><locationmatch \/info\/wp-admin\/admin-ajax.php><br \/>\nSecRuleRemoveById 300008 300015 300016 300017 330001<br \/>\n<\/locationmatch><\/p>\n<p><locationmatch \/info\/wp-admin\/page.php><br \/>\nSecRuleRemoveById 300008 300015 300016 300017 330001<br \/>\n<\/locationmatch><br \/>\n<\/code><br \/>\nNotice we are adding the specific rule numbers being broken here to the whitelist. As you can see, when using wordpress and you are trying to add code to a post, rules will be broken and need to added to the whitelist. This is safer than disabling modsec for the domain.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are several ways to disable Mod Security for a specific domain, or location within a domains pages. More often then not, when you add a new domain after installing mod_security, you will see apache 500 errors when you try to post or a client tries to post a response in a forum. This can&#8230; <\/p>\n<div class=\"read-more navbutton\"><a href=\"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/\">Read More<i class=\"fa fa-angle-double-right\"><\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-2065","post","type-post","status-publish","format-standard","hentry","category-info"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Disable Mod Security for a specific file or domain - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Disable Mod Security for a specific file or domain - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"There are several ways to disable Mod Security for a specific domain, or location within a domains pages. More often then not, when you add a new domain after installing mod_security, you will see apache 500 errors when you try to post or a client tries to post a response in a forum. This can... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2010-01-22T05:31:22+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"Disable Mod Security for a specific file or domain\",\"datePublished\":\"2010-01-22T05:31:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/\"},\"wordCount\":272,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"General Info\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/\",\"name\":\"Disable Mod Security for a specific file or domain - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2010-01-22T05:31:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-mod-security-for-a-specific-domain\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Disable Mod Security for a specific file or domain\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Disable Mod Security for a specific file or domain - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/","og_locale":"en_US","og_type":"article","og_title":"Disable Mod Security for a specific file or domain - Linux Shtuff","og_description":"There are several ways to disable Mod Security for a specific domain, or location within a domains pages. More often then not, when you add a new domain after installing mod_security, you will see apache 500 errors when you try to post or a client tries to post a response in a forum. This can... Read More","og_url":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2010-01-22T05:31:22+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"Disable Mod Security for a specific file or domain","datePublished":"2010-01-22T05:31:22+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/"},"wordCount":272,"commentCount":0,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["General Info"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/","url":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/","name":"Disable Mod Security for a specific file or domain - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2010-01-22T05:31:22+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/disable-mod-security-for-a-specific-domain\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"Disable Mod Security for a specific file or domain"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/2065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=2065"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/2065\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=2065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=2065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=2065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}