ispCP - Board - Support
How i disable mod security for a domain or dir?? - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: How i disable mod security for a domain or dir?? (/thread-6222.html)

How i disable mod security for a domain or dir?? - ryo hazuky - 03-28-2009 02:53 AM

I installed mod-security by howtos on this forum, but i have problem with some sites and specialy roundcube webmail, how i disable mod-security for roundcube??..thanks

RE: How i disable mod security for a domain or dir?? - kurgans - 03-28-2009 11:30 PM

http://www.isp-control.net/forum/thread-5757-post-46133.html#pid46133

RE: How i disable mod security for a domain or dir?? - ryo hazuky - 03-30-2009 10:11 PM

Disable and enable it's so easy, i want to disable a one domain or specific dir...

RE: How i disable mod security for a domain or dir?? - kurgans - 03-30-2009 10:38 PM

You need to create file. Htaccess to disable mod_security

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

RE: How i disable mod security for a domain or dir?? - ryo hazuky - 03-30-2009 11:18 PM

(03-30-2009 10:38 PM)kurgans Wrote:  You need to create file. Htaccess to disable mod_security

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

I tested this code on roundcube .htaccess file and not resolve the problem.

RE: How i disable mod security for a domain or dir?? - kilburn - 03-31-2009 12:23 AM

It didn't work in the roundcube case because it is running under the panel's VirtualHost which prevents overriding any options through .htaccess:
/etc/apache2/sites-enabled/00_master.conf
Code:
...
    <Directory /var/www/ispcp/gui>
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride None
...
Thus, you can either:
  1. 1) Change to AllowOverride All so the .htaccess file becomes actually effective.
  2. 2) Add the <IfModule mod_security...</IfModule> block into the above <Directory /var/www/ispcp/gui>...</Directory> block.


RE: How i disable mod security for a domain or dir?? - ryo hazuky - 04-04-2009 11:36 PM

(03-31-2009 12:23 AM)kilburn Wrote:  It didn't work in the roundcube case because it is running under the panel's VirtualHost which prevents overriding any options through .htaccess:
/etc/apache2/sites-enabled/00_master.conf
Code:
...
    <Directory /var/www/ispcp/gui>
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride None
...
Thus, you can either:
  1. 1) Change to AllowOverride All so the .htaccess file becomes actually effective.
  2. 2) Add the <IfModule mod_security...</IfModule> block into the above <Directory /var/www/ispcp/gui>...</Directory> block.

It's Work, the correct sintax to disable for webmail is
<Directory /var/www/ispcp/gui>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Maybe mod_security is responsable to error 500 on ISPCP to. Mod_sec blocks a script to run and cause timout on the scripts to creates domains, emails....maybe...

sorry for my english...i am from brazil