Andy Broomfield Web Dev

Following has stopped working for mod_security and views conflict... :-( Trying to debug with fustration.

### Some rules are currently too strict and are blocking legitimate users
### We only disable it for URLs that contain the regex below
### The regex below should be placed between "m#" and "#"
<IfModule mod_security.c>
<If "%{REQUEST_URI} =~ m#/views/ajax#">
SecFilterEngine Off
SecFilterScanPOST Off
</If>
</IfModule>

#Drupal #DrupalViews #ModSecurity

Apr 25, 2019 at 4:07pmWeb
Show threadAndy Broomfield Web DevApr 25, 2019

Solution if to use LocationMatch

<IfModule mod_security.c>
<LocationMatch "^/views/ajax(.*)">
SecFilterScanPOST Off
</LocationMatch>
</IfModule>

(also only need to turn of scan post (and may be able to turn off specific rules but need to check that).

#Drupal #DrupalViews #ModSecurity