Are these mod_security rules safe to disable?

August 1, 2014 3.1k views

Hi, for the sake of my contact forms usability, I have disabled the following mod_security rules that were causing false positives:

                    SecRuleRemoveById 981242
                    SecRuleRemoveById 981172
                    SecRuleRemoveById 981173
                    SecRuleRemoveById 959070
                    SecRuleRemoveById 200003
                    SecRuleRemoveById 981318
                    SecRuleRemoveById 950901
                    SecRuleRemoveById 981256
                    SecRuleRemoveById 981257
                    SecRuleRemoveById 981231
                    SecRuleRemoveById 981245

Am I creating a security hole? Is there any safer alternative mod_security configuration?


2 Answers

It's not a security hole. Here you need read it first:

Read: Excluding Hosts and Directories
ModSecurity: Debian-Ubuntu

Read some example:
Wordpress ModSecurity

Mod Security does not play nice with some apps in example WordPress or by some other application. You should also look for information related to the application you are using.

by Jesin A
Here's how to set up mod_security with Apache on Debian/Ubuntu.

I actually followed that tutorial to setup mod_security on my server and I set up to the rules to be removed only in specific locations (those containing forms). The problem was not the module conflicting with my plugins but it being triggered when a user inputs a special character in any of my web forms (like % or $ or ' or #).

So I removed and those rules in order to o disable the special character triggers.

Have another answer? Share your knowledge.