mod-security2 and awstats = error 500

[prale]

[Sat Jun 28 14:40:45 2008] [error] [client 127.0.0.1] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(​?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|d(?:bf?|at|ll|os)|i(?[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|s(?:h?tm|ql|ys)|l(?:icx|nk|og)|\\w{0,5}~|webinfo|ht[rw]|xs[dx]| ..." at REQUEST_BASENAME. [file "/etc/modsecurity2/modsecurity_crs_30_http_policy.conf"] [line "94"] [id "960035"] [msg "URL file extension is restricted by policy"] [severity "CRITICAL"] [tag "POLICY/EXT_RESTRICTED"] [hostname "localhost"] [uri "/awstats/mydomain.com"] [unique_id "VdBaplGpgkIAAAmZH2QAAABN"]

I dissabled mod-security2 and awstats work now.
Any ideas how to fix it?

[Wut]

I've found this problem too.

Any suggestion ?

[Zothos]

deactivate the corresponding mod_security rule

[Wut]

How ?

I'm edit /etc/modsecurity2/modsecurity_crs_30_http_policy.conf and comment the following line out :

# Restrict file extension
#
# TODO the list of file extensions below are virtually always considered unsafe
# and not in use in any valid program. If your application uses one of
# these extensions, please remove it from the list of blocked extensions.
# You may need to use ModSecurity Core Rule Set Templates to do so, otherwise
# comment the whole rule.
#
SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|$
"phase:2,t:none,t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL file extension is$

Are there any better solution ? like whitelist for awstats.pl or something