ust to update this question for mod_security 2.7.0+ – they turned off the ability to mitigate modsec via htaccess unless you compile it with the –enable-htaccess-config flag. Most hosts do not use this compiler option since it allows too lax security. Instead, vhosts in httpd.conf are your go-to option for controlling modsec.
“mod_security2: In .htaccess file?”Continue reading
list of rules:
# ——————————————
# GOOGLE
# v 20170224-0002
Include /etc/csf/csf.allow-google
# ——————————————
“CSF: csf.allow – GOOGLE IP range”Continue reading
Add the following lines to your configuration:
“SSL/Apache/Nginx: Enabling Perfect Forward Secrecy”Continue reading
List of examples:
“mod_security2: grep log in cmdline”Continue reading
If mod_proxy is commented out but you are using php5. Tried putting this statement http.allowed_methods = GET & POST into /*/php.ini But it had no effect? The best solution was to add an location declarative with a LimitExcept. The location in the httpd-conf where to place this is very important.
“Stopping “connect” attacks: PHP vs Apache2″Continue reading