View more context

 

andante

havent used it myself, but i can offer my opinion on whether it would be a good idea - i think the answer is "if you trust the people in your admin section"

andante

basically, my view is that you need to trust them to some degree, right? if you are letting them publish pages and upload files, you have already opened yourself up to so many attack vectors, that turning off mod_security seems to be a negligible change

Joe

if they’ve authenticated, I don’t need to block their request

Joe

if they’re not, though, that’s really when I want ModSecurity to kick in

andante

https://stackoverflow.com/a/46045010 could be the answer

Show 1 attachment(s)
Stack Overflow  
Disable mod_security by requested URL

I use mod_security with Apache 2.4. On this platform we have an ecommerce system using the following URL for its administrative tools: http://www.tld.com/en/backend I want to achive to goals: Ac...

Hide attachment content
Joe

well crap - turning off the rules in the virtualhost config doesn’t seem to stop the request from getting blocked