Thursday, April 23, 2009

How to turn off modsecurity (apache module)

I'm running fc10, Fedora 10 Linux.

Newly installed server and I'm just interested in doing some development for a web application. Modsecurity is used for implementing protocol level security, but it is not for everyone. Using it requires internet security knowledge. Four reasons not to use mod_security

Here's how to turn off modsecurity. Locate in /etc/httpd/modsecurity.d the line:

SecRuleEngine On

And for "DetectionOnly" switch this to:

SecRuleEngine DetectionOnly

And of course, restart apache once you are done:

# service httpd restart

It is recommended to run modsecurity in detection only until you are comfortable with writing rule sets.

1 comment:

Cindy Dy said...

Thank you for putting an effort to published this article. You've done a great job! Good bless!