Are these mod_security rules safe to disable?

Question

Hi, for the sake of my contact forms usability, I have disabled the following mod_security rules that were causing false positives:

                    SecRuleRemoveById 981242
                    SecRuleRemoveById 981172
                    SecRuleRemoveById 981173
                    SecRuleRemoveById 959070
                    SecRuleRemoveById 200003
                    SecRuleRemoveById 981318
                    SecRuleRemoveById 950901
                    SecRuleRemoveById 981256
                    SecRuleRemoveById 981257
                    SecRuleRemoveById 981231
                    SecRuleRemoveById 981245

Am I creating a security hole? Is there any safer alternative mod_security configuration?

thanks

Answer 1

iko August 2, 2014

It’s not a security hole. Here you need read it first:

Read: Excluding Hosts and Directories
ModSecurity: Debian-Ubuntu

Read some example:
Wordpress ModSecurity

Conclusion:
Mod Security does not play nice with some apps in example WordPress or by some other application. You should also look for information related to the application you are using.

How To Set Up mod_security with Apache on Debian/Ubuntu

by Jesin A

Here's how to set up mod_security with Apache on Debian/Ubuntu.

Reply Report

Answer 2

dsan August 2, 2014

I actually followed that tutorial to setup mod_security on my server and I set up to the rules to be removed only in specific locations (those containing forms). The problem was not the module conflicting with my plugins but it being triggered when a user inputs a special character in any of my web forms (like % or $ or ’ or #).

So I removed and those rules in order to o disable the special character triggers.

Reply Report

Question

Are these mod_security rules safe to disable?

Leave a comment

Looking for something else?

Sign up for our newsletter

Question

Are these mod_security rules safe to disable?

Leave a comment

Looking for something else?