Are these mod_security rules safe to disable?

  • Posted August 1, 2014

Hi, for the sake of my contact forms' usability, I have disabled the following mod_security rules that were causing false positives:

                    SecRuleRemoveById 981242
                    SecRuleRemoveById 981172
                    SecRuleRemoveById 981173
                    SecRuleRemoveById 959070
                    SecRuleRemoveById 200003
                    SecRuleRemoveById 981318
                    SecRuleRemoveById 950901
                    SecRuleRemoveById 981256
                    SecRuleRemoveById 981257
                    SecRuleRemoveById 981231
                    SecRuleRemoveById 981245

Am I creating a security hole? Is there any safer alternative mod_security configuration?




I actually followed that tutorial to set up mod_security on my server, and I set up the rules to be removed only in specific locations (those containing forms). The problem was not the module conflicting with my plugins but it being triggered when a user inputs a special character in any of my web forms (like % or $ or ’ or #).

So I removed those rules in order to disable the special character triggers.

It’s not a security hole. Here, you need to read this first:

Read: Excluding Hosts and Directories ModSecurity: Debian-Ubuntu

Read an example: WordPress ModSecurity

Conclusion: Mod Security does not play nice with some apps, for example WordPress or some other applications. You should also look for information related to the application you are using.
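
On the question's "safer alternative": the following is an added example, not part of the original posts, contrasting a server-wide SecRuleRemoveById with progressively narrower exclusions for one rule ID from the list above. The path /contact, the field name "message", the local rule id 1000001, and the premise that rule 981173 inspects request arguments in phase 2 are assumptions; take the real path, field and rule ID from your own audit log entries.

```apache
# Constructed example. /contact, "message" and id 1000001 are assumptions.

# Broadest (as posted in the question when used at server level):
# the rule is off for every URL and every parameter.
#   SecRuleRemoveById 981173

# Narrower: the rule is off only for requests under the form's path.
# Every other URL on the site is still inspected by it.
<LocationMatch "^/contact">
    SecRuleRemoveById 981173
</LocationMatch>

# Narrowest, static: the rule stays on everywhere, but no longer inspects
# the one free-text field that causes the false positive.
# Must appear after the rule set is included, because the rule has to
# exist before its target list can be changed.
SecRuleUpdateTargetById 981173 "!ARGS:message"

# Narrowest, per request: the same per-field exclusion, applied only when
# the request is for the form path. It runs in phase 1 so that it takes
# effect before the rule evaluates the body (assumed to be phase 2).
# Must appear before the rule set is included.
SecRule REQUEST_URI "@beginsWith /contact" \
    "id:1000001,phase:1,pass,nolog,ctl:ruleRemoveTargetById=981173;ARGS:message"
```

Pick one of the three forms per rule ID rather than stacking them, and confirm in the audit log that the remaining fields and URLs still trigger the rule after the change.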