Apr 23 2014 
Support Center » Knowledgebase » Linux VPS » What is mod_security and what exactly does it block?
 What is mod_security and what exactly does it block?
Solution In order to help keep your VPS more secure and to help stop several very common types of attacks on your server, we install mod_security for each of our customers. mod_security integrates with Apache to stop attackers from being able to issue commands to the server through vulnerable scripts and software packages you might have installed.

By default, the following terms are blocked from being called from within a URL:

* wget
* lynx
* curl
* tar
* uname
* g++
* gcc
* nmap
* .bash_history
* /etc/passwd
* /bin/ps
* /usr/bin/id
* /bin/kill
* /usr/bin/gcc
* /bin/mail
* /bin/ping
* /bin/ls
* lsof
* perl
* 0a.pl
* "img src=javascript"
* /~nobody
* /~root
* /~ftp
* formmail.cgi
* formmail.pl
* formmail.php
* /modules/My_eGallery
* telnet.pl
* telnet.cgi
* shell.pl
* shell.cgi
* shell.php

Again, this list does not mean you cannot use features like "tar" in your programs. You just can't include "tar" in the URL bar.

To modify your mod_security configuration file, you would want to:

1. Login to your server as root.
2. Open the file /usr/local/apache/conf/mod_security.conf
pico -w /usr/local/apache/conf/mod_security.conf
3. Search for any directive you might want to remove (such as "tar") and put a "#" at the start of the line. This will "comment" that directive out where the server will essentially ignore it. If you wish to add a directive, just scroll to the bottom of the file and use:
SecFilter "phrasetoblock"
4. Save your changes and restart Apache.
service httpd restart

Contact support if you have questions about mod_security or if you need help with how to add/remove an allowed directive from your server.

Article Details
Article ID: 77
Created On: Jan 23 2009 03:59 PM

 This answer was helpful  This answer was not helpful

 Login [Lost Password] 
Remember Me:
 Article Options
Home | Register | Knowledgebase

Help Desk Software By Kayako eSupport v3.60.02