LSWS 4.2.3 VS mod_security

DraCoola

Well-Known Member
#1
I've found that :
Code:
<LocationMatch .*>
        SecRuleRemoveById xxxxxx
</LocationMatch>
won't work with 4.2.3 :confused:
please fix this.
 

DraCoola

Well-Known Member
#3
hi NiteWave, thanks for your response.
LocationMatch are placed on :

/usr/local/apache/conf/userdata/std/2/username/

and

/usr/local/apache/conf/

those works fine on 4.2.2, so I revert back to 4.2.2 to solve this.
 

DraCoola

Well-Known Member
#5
i am sorry, NiteWave, but that can't be done.
some websites need to exclude some of specific atomic modsec rules to get their site working.
because that was not just .* but either to website path for an example :

Code:
<LocationMatch "/adminpanel/sidebar_option.php">
	SecRuleRemoveById 34xxx
	SecRuleRemoveById 34xxx
	SecRuleRemoveById 34xxx
</LocationMatch>
so i'd better waiting for your next 4.2.3 latest build update.
 

Karl

Active Member
#9
mod_security in 4.2.3 is completely broken based on our testing. You need to go back to 4.2.1 to get it working correctly.
 
Top