I got a server 500 Error when accessing the akismet spam filter. Checking the logs and I could see the error was ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified) To correct this edit this file /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf Look for the line SecResponseBodyLimit 524288 I just added a leading 1 [...]
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/ I am only surmising from the limited information I can see here that ModSecurity would have protected them? Comments on this one welcome… Rule 959001 does seem to cover the “SelECT” part of the URL in the screen shots but when I try a random url with this string in it on my website [...]
Ofer Shezaf at xiom.com has created a list of Application Specific Rules for ModSecurity. He is actively looking for these rules so it should be updated quite regularly I think. Ofer Shezaf was one of the Team that brought us ModSecurity in the first place although he is no longer there. You can still see [...]
Too many ModSecurity rules trip up PHPMyAdmin so I decided to find another way to protect it. I personally use the .htaccess password protection and then disable ModSecurity totally for this directory. It is also advisable to use a totally unique directory name so that it can’t be guessed.
This is necessary to allow Actinic to work on a shared server. <LocationMatch “/cgi-bin/ca000001.pl”> SecRuleRemoveById 950910 </LocationMatch> <LocationMatch “/acatalog/”> SecRuleRemoveById 950910 </LocationMatch>
I am managing a bunch of shared hosting servers and I still find clients of this company are installing older version of Mambo. This ModSecurity Rule is essential when you are dealing with a server where clients can install anything they want. This goes in modsecurity_crs_15_custom.conf also SecRule ARGS_NAMES “mosConfig_absolute_path” “deny,log,auditlog,redirect:http://www.google.co.uk” I redirect to http://www.google.co.uk [...]
Just re-read the title and it sounds like science fiction B movie title.. Oh well. After running this for a while and having played with all the possible options in WordPress here is my final Mod_Security custom file.
Top tips to secure your Linux Server
Mod Security exceptions for WordPress, yet another addition.
Fixing WordPress problems caused by Mod_security the result.