disable mod_security for a bridge.php script

Question

I want to use a regex pattern to disable mod_security of Apache for 2 scripts: bridge.php and mobile-bridge.php.

I think I can do it in a file named mod_security_whitelist.conf inside the configuration folder /etc/httpd/httpd/conf.d:

[ Please correct me if I am wrong somewhere ]

<IfModule mod_security2.c>
    # ModSecurity disabled for bridge.php and mobile-bridge.php scripts
    <DirectoryMatch "/home/websitename/public_html">
       <Files "([a-z],-)*bridge\.php$">
          SecRuleEngine Off
        </Files>
     </DirectoryMatch>
</IfModule>

score 2 · Accepted Answer · answered Mar 29 '14 at 16:47

If you know the files are in a specific location—such as right at the first path of the URL—then use something like LocationMatch:

<IfModule mod_security2.c>
  <LocationMatch /(mobile-bridge.php|bridge.php)>
    SecRuleEngine Off
  </LocationMatch>
</IfModule>

But there is a nice equivalent of that for files called FilesMatch that should work as well:

<IfModule mod_security2.c>
  <FilesMatch (mobile-bridge.php|bridge.php)>
    SecRuleEngine Off
  </FilesMatch >
</IfModule>

Or perhaps it would work like this:

<IfModule mod_security2.c>
  <FilesMatch "([a-z],-)*bridge\.php$">
    SecRuleEngine Off
  </FilesMatch >
</IfModule>

disable mod_security for a bridge.php script

1 Answers1