Thursday, April 23, 2009

How to turn off modsecurity (apache module)

I'm running fc10, Fedora 10 Linux.

This is a newly installed server, and I'm just interested in doing some development for a web application. Modsecurity is used for implementing protocol-level security, but it is not for everyone: using it requires internet security knowledge. Related reading: "Four reasons not to use mod_security".

Here's how to turn off modsecurity. In the configuration under /etc/httpd/modsecurity.d, locate the line:

SecRuleEngine On

To run in "DetectionOnly" mode instead, change this to:

SecRuleEngine DetectionOnly

And of course, restart Apache once you are done:

# service httpd restart

It is recommended to run modsecurity in detection-only mode until you are comfortable with writing rule sets.
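
The edit described above can be scripted so that it is repeatable and reversible. This is an added example, not part of the original post: the function names and the script name in the usage comment are hypothetical, and it assumes the directive sits in *.conf files directly under the directory and is spelled exactly as shown above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# Assumptions: the directive sits in *.conf files directly under the
# directory passed in (the post names /etc/httpd/modsecurity.d) and is
# spelled exactly "SecRuleEngine On" as shown in the post.

# show_engine DIR: print every active (uncommented) SecRuleEngine line
# as file:line:text, so the current mode can be checked before a restart.
show_engine() {
    grep -EHn '^[[:space:]]*SecRuleEngine[[:space:]]' "$1"/*.conf 2>/dev/null
}

# set_detection_only DIR: rewrite active "SecRuleEngine On" lines to
# "SecRuleEngine DetectionOnly". Commented-out lines and other directives
# are untouched, each changed file keeps a .bak copy, and the names of the
# changed files are printed.
set_detection_only() {
    local dir=$1 f
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*SecRuleEngine[[:space:]]+On[[:space:]]*$' "$f"; then
            cp -p "$f" "$f.bak"
            # Read from the backup and overwrite in place (keeps owner/mode).
            sed -E 's/^([[:space:]]*SecRuleEngine[[:space:]]+)On[[:space:]]*$/\1DetectionOnly/' \
                "$f.bak" > "$f"
            echo "$f"
        fi
    done
}

# Run as root with the directory as the only argument, e.g.
#   ./modsec-detect.sh /etc/httpd/modsecurity.d
# then restart Apache as in the post (service httpd restart).
if [ "$#" -eq 1 ]; then
    set_detection_only "$1" && show_engine "$1"
fi
```

The .bak copy left beside each changed file is what you restore to return to blocking mode.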
