Hi, for the sake of my contact forms' usability, I have disabled the following mod_security rules that were causing false positives:
SecRuleRemoveById 981242
SecRuleRemoveById 981172
SecRuleRemoveById 981173
SecRuleRemoveById 959070
SecRuleRemoveById 200003
SecRuleRemoveById 981318
SecRuleRemoveById 950901
SecRuleRemoveById 981256
SecRuleRemoveById 981257
SecRuleRemoveById 981231
SecRuleRemoveById 981245
Am I creating a security hole? Is there any safer alternative mod_security configuration?
Thanks
It’s not a security hole. Here, you need to read this first:
Read: Excluding Hosts and Directories ModSecurity: Debian-Ubuntu
Read some example: Wordpress ModSecurity
Conclusion: Mod Security does not play nice with some apps, for example WordPress or some other applications. You should also look for information related to the application you are using.
I actually followed that tutorial to set up mod_security on my server and I set up the rules to be removed only in specific locations (those containing forms). The problem was not the module conflicting with my plugins but it being triggered when a user inputs a special character in any of my web forms (like % or $ or ’ or #).
So I removed those rules in order to disable the special character triggers.
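A narrower way to write exclusions like the ones discussed in this thread, shown beside the per-location removal (an added example, not taken from any of the posts above). The path `/contact`, the field name `message` and the rule id `10001` are assumptions for illustration; the two excluded rule ids come from the list in the question and are assumed to inspect `ARGS` in the installed rule set, which should be checked against the rule definitions.

```apache
# Constructed example. Assumptions: the form is served under /contact and
# its free-text field is named "message". Rule ids 981173 and 981245 are
# taken from the list in the question.

# Per-location removal: inside this location the two rules no longer run
# at all, so every parameter, cookie and header they covered goes
# uninspected by them.
<LocationMatch "^/contact">
    SecRuleRemoveById 981173
    SecRuleRemoveById 981245
</LocationMatch>

# Per-parameter exclusion: the rules stay active on /contact, and only the
# "message" argument is dropped from their target list. Every other field
# of the form is still inspected.
# The helper rule runs in phase 1, so the exclusion is in place before
# rules that inspect request-body parameters are evaluated.
SecRule REQUEST_URI "@beginsWith /contact" \
    "id:10001,phase:1,pass,nolog,\
    ctl:ruleRemoveTargetById=981173;ARGS:message,\
    ctl:ruleRemoveTargetById=981245;ARGS:message"
```

Use one form or the other, not both. After a change like this, the audit log shows whether the false positives on the text field are gone while the same rules still fire on the other parameters.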