Overactive modsecurity rules help
I am currently reading up as fast as I can however which in the following rules would stop wordpress (php blog) from being able to edit .htaccess? If I can't find out a quick fix I will have to disable mod_security until i can read up further. I already had to switch POST payload checks off as it was preventing everyones blogs from operating.
Any help would be appreciated. Thanks
SecFilterEngine On
SecServerSignature " "
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
SecFilterForceByteRange 1 255
SecAuditEngine RelevantOnly
SecAuditLog /var/log/audit_log
SecFilterScanPOST Off
SecFilterDefaultAction "deny,log,status:403"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilter "wget\x20"
SecFilter "uname\x20-a"
SecFilter "cd[[
pace:]]/tmp"
SecFilter "cd[[pace:]]/var/tmp"
SecFilter "cd[[pace:]]/dev/shm"
SecFilter "<SCRIPT>"
SecFilter "gcc\x20-o"
SecFilter "cc\x20"
SecFilter "cpp\x20"
SecFilterSelective THE_REQUEST "system\("
SecFilterSelective THE_REQUEST "exec\("
SecFilterSelective THE_REQUEST "popen\("
SecFilterSelective THE_REQUEST "passthru\("
SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"
SecServerSignature " "
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
SecFilterForceByteRange 1 255
SecAuditEngine RelevantOnly
SecAuditLog /var/log/audit_log
SecFilterScanPOST Off
SecFilterDefaultAction "deny,log,status:403"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilter "wget\x20"
SecFilter "uname\x20-a"
SecFilter "cd[[
pace:]]/tmp"
SecFilter "cd[[
pace:]]/var/tmp"
SecFilter "cd[[
pace:]]/dev/shm"
SecFilter "<SCRIPT>"
SecFilter "gcc\x20-o"
SecFilter "cc\x20"
SecFilter "cpp\x20"
SecFilterSelective THE_REQUEST "system\("
SecFilterSelective THE_REQUEST "exec\("
SecFilterSelective THE_REQUEST "popen\("
SecFilterSelective THE_REQUEST "passthru\("
SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"
