Comments on: Mod_Security .htaccess tricks

By: AskApache

AskApache — Sun, 05 May 2013 03:13:11 +0000

The only way to do that would be to setup your syslog-ng, rsyslog, logwatch, logrotate, etc.. to parse the mod_security log files, then using that 3rd-party software you would trigger the logs. Could also do this with a simplistic bash shell script that runs via a cron job.

By: Juanda Saputra

Juanda Saputra — Thu, 02 May 2013 02:45:00 +0000

can i get help from you?.. i just looking for how to create rules in mod_security email alert automatically
when I get interference from outside, then mod_security will automatically send alerts to my email,
how do I make it?
Can you explain step by step?
im newbie at this, i need help from you
maybe you'll email me to juandasaputra2727@yahoo.com
thank you alot!

By: Aziz

Aziz — Tue, 13 Dec 2011 17:55:51 +0000

Nice write up, a bit optimistic for non-cms like platforms, but nevertheless informative. I've been in the trenches with mod_security and WordPress for the past week or so. Let me tell you that after debugging mod_security at level 5, you start dreaming in code. In any case I had to disable a lot of rules just to be able to login to the WordPress back-end; nevertheless, it was definitely worth it.

By: mistaecko

mistaecko — Thu, 01 Dec 2011 16:05:13 +0000

Starting from mod security version 2 htaccess files cannot be used to configure mod_security any more. It seems this decision was made out of security concerns - it allowed weakening / circumventing security rules defined higher up in the directory hierarchy and on server level.

By: Pradyumna Dandwate

Pradyumna Dandwate — Sun, 31 Jul 2011 01:23:30 +0000

Does this apply to mod_security version 2.1 as well. I had tried putting the Off filter but it didn't work. Drupal sucks a big time and my IP gets banned on my website everyday. can you help? The webhost guys won't disable mod_security from their end. Is there any way to deal with this situation?

By: Jehzeel Laurente

Jehzeel Laurente — Wed, 18 Nov 2009 00:22:06 +0000

Thank you so much for sharing this. However, I still can't disable mod_security. :( I also contacted the host and they seem to have no idea how to disable it. Weird. I still can't in my WP post with the words: WHERE, SELECT, JOIN and FROM. :(

By: Win/32 banning ips

Win/32 banning ips — Sun, 05 Jul 2009 18:52:44 +0000

Hi guys , Gals I enabled the auth-z module and I still can't ban ips with the order deny function in the .htaccess file any suggesttions?

I go to restart the server after .htaccess file has been modified and it crashes but then loads when I remove it.

By: AskApache

AskApache — Thu, 26 Feb 2009 22:07:45 +0000

Thank you anonymous DreamHost support staff. Maybe you could help me get my affiliate account unbanned? Did I mention I tell everyone how incredibly fast and helpful the DreamHost Support Staff are?

By: DH TS

DH TS — Mon, 12 Jan 2009 16:55:21 +0000

I work in Dreamhost`s Tech Support, and I came across this page while researching a ticket. You are now bookmarked my friend. Awesome stuff!

By: Nizzy

Nizzy — Sun, 21 Sep 2008 12:00:00 +0000

A challenging .htaccess question! How to create a random string by .htaccess? This is what I want to accomplish, any idea?

http://site.com -> redirects to -> http://site.com/.xyz123/