How to have custom modsecurity conf stick?

sahostking · Sep 29, 2022

I had problem with uploading files on Directadmin server with mod_security enabled. I recieved errors like these:

ModSecurity: Request body (Content-Length) is larger than the configured limit (13107200)

Default in /etc/httpd/conf/extra/httpd-modsecurity.conf

SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072

If I customize this file with the following:

SecRequestBodyLimit 67108864
SecRequestBodyNoFilesLimit 1048576

Will it stick forever? or will some update or conf change cause this to "reset" back to defaults?
And if so how to make it stick.

Thanks

Dettol · Sep 29, 2022

Check this out:

ModSecurity + OWASP breaks phpMyAdmin - OWASPv3.4 may fix this

When you enable ModSecurity with the OWASP ruleset the phpMyAdmin (/phpMyAdmin/) is broken by the OWASP rules. In version 3.4 of the OWASP rules a new file and variable is introduced: https://github.com/coreruleset/coreruleset/blob/v3.4/dev/rules/REQUEST-903.9008-PHPMYADMIN-EXCLUSION-RULES.conf...

forum.directadmin.com

sahostking · Apr 30, 2023

Placed it in /etc/httpd/conf/extra/httpd-includes.conf - think it works fine.

How to have custom modsecurity conf stick?

sahostking

Verified User

Dettol

Verified User

ModSecurity + OWASP breaks phpMyAdmin - OWASPv3.4 may fix this

sahostking

Verified User