Mod_security and bad request problem

[defcode]

Hello,

We recently build a new server using CentOS 5 and Plesk 8.3, everything went well during setup except for the following things we discovered after migrating some domains:

1.Even though mod_security2 is installed we can't use "SecRuleEngine Off" in an .htaccess file to disable it on certain domains. Anyone know where we can enable this directive ? (Returning 500 internal error if we try at the moment).

2.We have some big problems using accents (éàè...) and special characters ({(/%*...) in url or using POST, GET request on some webpages on different domains that were not having such problems on the old server Plesk 8.1. Is there some kind of apache module that should change in the url those special characters for example: ( should be changed in %28) .

Sorry for my bad english.

Any help on this would be really apreciated.

defcode

 

[lvalics]

1. You cannot setup as I know in .htaccess the rules.
2. Try to add to vhost.conf the rule what you need to ignore.
SecRuleRemoveById "340144" example.

 

[defcode]

Hello,

Thanks for the answer but it's kinda strange since we were able to do this by adding "SecFilterEngine Off" in an .htaccess file in the old mod_security. Only thing i found is that it should be "SecRuleEngine Off" now in the version 2 but with any of them i get this 500 internal error like this directive is unknown or misstyped.

Thanks also for the idea to remove it by using this line in the vhost.conf but for this solution we'll need our intervention each time for each domain and until now that SecFilterEngine Off was really helpfull for that reason.

Regards

defcode

 

[lvalics]

I tried one time and I got that is not supported, maybe I am wrong (I hope )

 

[atomicturtle]

I believe that manipulation of the security policy via .htaccess files is no longer allowed.

 

[defcode]

Thanks i guess we'll have to remove some of the rules then.

For the special characters any of you have an idea?

 

[atomicturtle]

If I had the full alert file yeah. We support mod_security in ASL.

 

[defcode]

I decided to remove temporarly the mod security to check all those problems and yep everything goes fines after switching off the mod security. I need now to figure wich rules is causing all those problems. A better look at the log files will probably do it.

 

[lvalics]

It is very risky, I get I think very 1 minute a try on our servers and mod_seucrity stop it.