mod_security breaking ispc

Discussion in 'Installation/Configuration' started by rickconn, Aug 7, 2007.

  1. rickconn

    rickconn New Member

    Gday Team,

    I have debian etch with ispc 2.2.14

    I have installed mod_security 2.1.1-0

    I am concerned about breaking somthing in ispc.

    I found the following in my log file.

    The following entry relates to the domain for ispconfig not for hosted domains.
    These errors are 'CRITICAL' and I guess it means ispconf will not be able to
    do something it need to.

    [07/Aug/2007:01:15:13 +1000] [][rid#856aab8][/][2]
    Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required. [id "960015"]
    [msg "Request Missing an Accept Header"] [severity "CRITICAL"]

    After commenting out The above rule, I get the following 'critical' error

    [07/Aug/2007:01:19:48 +1000] [][rid#857f5f8][/][2]
    Warning. Match of "rx ^((?:(?:pOS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [id "960032"]
    [msg "Method is not allowed by policy"] [severity "CRITICAL"]

    After comment out both rules, I have no more errors for my ispconfig domain,
    however I also do not have those rules being applied to my hosted domains.

    Can someone please help with writing a rule to exclude ispconfigs domain only,
    so the above rule can be used again.

    Thankyou for your time and effort.

    Rick :cool:
  2. AlArenal

    AlArenal New Member

    ISPC comes with it's own apache webserver. So if you install mod_security on Debian Etch, it is "only" integrated in the distribution's apache serving the webpages, not within ISPC's apache.

Share This Page