Printable Version of Topic

Click here to view this topic in its original format

Linuxhelp _ Programming in Linux _ How to disable Mod_Security in linux.

Posted by: tanuj Mar 10 2011, 09:17 AM

Hello all,

I was trying to run some script which is under cgi-bin folder, but mod_security is not allowing me to do so.
I tried disabling mod_security by creating .htaccess under my document root (I think which is /var/www/html) with following values

<IfModule mod_security2.c>
SecRuleEngine Off
SecAuditEngine Off

but still I could see in http error log:

[Thu Mar 10 21:36:22 2011] [error] [client] ModSecurity: Access denied with code 501 (phase 2). Match of "rx (?:^(?:application\\\\/x-www-form-urlencoded(?:;(?:\\\\s?charset\\\\s?=\\\\s?[\\\\w\\\\d\\\\-]{1,18})?)??$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-type" required. [id "960010"] [msg "Request content type is not allowed by policy"] [severity "WARNING"] [hostname ""] [uri "/cgi-bin/"] [unique_id "BtPUSX8AAAEAADttKm0AAAAB"]

Can someone help me out , am I missing something or is there any alternative way?
(I am using apache version 2.2.6)

Thanks in advance

Powered by Invision Power Board (
© Invision Power Services (