This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Is there a mod_security Rule Set Exception list for the SilverStripe CMS?

752 Views

3dkiwi

Community Member, 18 Posts

14 February 2015 at 6:39pm

Edited: 14/02/2015 6:40pm

Hi all

I am hosting a SilverStripe based website behind an Apache based mod_security server. Access to the website itself and to the management pages seem to work OK with the standard mod_security Rule Set from OWASP. However, as soon as I try to edit the contents of a page and save it I get 403 Forbidden generated from mod_security. The errors seem to trip up on what mod_security see as SQL Injection issues.

As I started to make an exceptions list for the mod_security, for the various rule hits I was seeing, I wondered if i was reinventing the wheel and if anyone had already built a list of required exceptions for SilverStripe? I have come across a similar list for Wordpress and one for Drupal.

Cheers
Jim

Return to top