Printable Version of Topic

Click here to view this topic in its original format

Linuxhelp _ Programming in Linux _ How to disable Mod_Security in linux.

Posted by: tanuj Mar 10 2011, 09:17 AM

Hello all,

I was trying to run some script which is under cgi-bin folder, but mod_security is not allowing me to do so.
I tried disabling mod_security by creating .htaccess under my document root (I think which is /var/www/html) with following values
Collapse

<IfModule mod_security2.c>
SecRuleEngine Off
SecAuditEngine Off
</IfModule>

but still I could see in http error log:
Collapse

[Thu Mar 10 21:36:22 2011] [error] [client 10.206.152.61] ModSecurity: Access denied with code 501 (phase 2). Match of "rx (?:^(?:application\\\\/x-www-form-urlencoded(?:;(?:\\\\s?charset\\\\s?=\\\\s?[\\\\w\\\\d\\\\-]{1,18})?)??$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-type" required. [id "960010"] [msg "Request content type is not allowed by policy"] [severity "WARNING"] [hostname "10.209.116.191"] [uri "/cgi-bin/perf.pl"] [unique_id "BtPUSX8AAAEAADttKm0AAAAB"]
----------------------

Can someone help me out , am I missing something or is there any alternative way?
(I am using apache version 2.2.6)

Thanks in advance
Tanuj

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)