A list of tested mod_security rulesets

#21
I think there is no difference between 4.2.8 and the previous version regarding this rule.
Change
Code:
<LocationMatch /wp-login.php>
to
Code:
<LocationMatch ".*/wp-login.php">
should resolve
"If my WordPress site is www.test.com/wp (or any subdirectory) the rule doesn't work"
 
#23
Put the following in httpd.conf:
Code:
<LocationMatch ".*/wp-login.php">
Order deny,allow
Deny from all
</LocationMatch>
I ran tests:
/abc/wp-login.php
/wp-login.php
/xxx/wp-login.php/yyy
...
All of the above received "403 Forbidden" as expected, under both Apache and LiteSpeed.

Of course, this only tests LocationMatch, not the mod_security rule.
Can you disable the mod_security rule temporarily and run the above tests on LocationMatch first?
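
An offline check of which request paths the two LocationMatch patterns from this thread cover. This is an added example, not code from any poster. It assumes LocationMatch performs an unanchored regex search on the URL path and uses Python's re.search as a stand-in for Apache's regex engine; the "escaped" pattern and the paths marked constructed are additions for comparison.

```python
import re

# Patterns quoted in the thread, plus one variant added here for comparison.
PATTERNS = {
    "original": r"/wp-login.php",       # pattern before the suggested change
    "thread_fix": r".*/wp-login.php",   # pattern suggested in post #21
    "escaped": r"/wp-login\.php",       # assumption: added here, literal dot
}

# The first three paths are the ones tested in post #23; the rest are constructed.
PATHS = [
    "/wp-login.php",
    "/abc/wp-login.php",
    "/xxx/wp-login.php/yyy",
    "/wp/wp-login.php",   # constructed: WordPress installed in a subdirectory
    "/wp-loginXphp",      # constructed: probes the unescaped dot
    "/index.php",         # constructed: control that must stay reachable
]


def matches(pattern, path):
    """Unanchored search, standing in for LocationMatch on the URL path."""
    return re.search(pattern, path) is not None


def matrix():
    """Map each pattern name to the list of sample paths it would cover."""
    return {name: [p for p in PATHS if matches(rx, p)]
            for name, rx in PATTERNS.items()}


def differing_paths(a, b):
    """Sample paths covered by exactly one of the two named patterns."""
    m = matrix()
    return sorted(set(m[a]) ^ set(m[b]))


if __name__ == "__main__":
    for name, covered in matrix().items():
        print(f"{name:<10} {PATTERNS[name]!r:<22} -> {covered}")
    print("original vs thread_fix:", differing_paths("original", "thread_fix"))
    print("original vs escaped:   ", differing_paths("original", "escaped"))
```

If a pattern behaves differently on the live server than it does here, the difference lies outside the regex itself, which is what the LocationMatch-only test in the post above is meant to isolate.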
 

edigest

#26
I'd also like to know, if possible.
Or if anyone else could inform me what they are using that is working, that would be great.
I use the Atomic ruleset. The following rules are incompatible:

00_asl_rbl.conf
00_asl_z_antievasion.conf
05_asl_scanner.conf
09_asl_rules.conf
11_asl_data_loss.conf
40_asl_apache2-rules.conf
98_asl_jitp.conf
99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf
99_asl_scanner.conf

I believe all of the others are fine, although I only use a subset of the remaining rules.
 