## General help

This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.

Hello.
I'm getting the following block on a couple of sites that use Moodle:

Sat Jul 31 13:03:16 2010] [error] [client 85.54.146.59] ModSecurity: Access
denied with code 406 (phase 1). Match of "rx
^((??:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [uri ""] [unique_id "8ZJS6ECDSyoAAD7JhSQAAAAK"] [Sat Jul 31 13:03:20 2010] [error] [client 85.54.146.59] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^((??:POS|GE)T|OPTIONS|HEAD))$" against "

This is really causing a problem.
Any ideas on how to stop this happening would be appreciated.
I have very little idea about Mod Security.
Thanks.

Average of ratings: -
Hello jobe,

http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/modsecurity-manual.html

Modsecutiry has a debug mode that facilitates the debug procedure. It does not block, but it logs what it would be blocked if the current policies were active. This way you can have you Moodle working, analyze the operations that will be blocked and correct the setting for modsecurity, all before you actually activate the policies.

hth

ED

Average of ratings: -

Thanks for getting back to me Emanuel.

I'm an absolute amateur with this so I asked ConfigServer to install the ConfigServer ModSec Control & I got rid of the specific rule & then, on finding this wasn't working, turned off Mod Security for the two sites that this block was happening. So far so good.

Is it really necessary to have Mod Security on a server?
I get the impression the main reason for Mod Security is to protect against vulnerable scripts - so if I have Moodle up to date - & there's nothing else installed on that site, there doesn't seem to be a need for Mod Security? Is that right?

I have the ConfigServer firewall installed as well.

Average of ratings: -
Hello again,

In my opinion ModSecurity is an extra security measure that can be helpful protecting your Moodle.

It is not that hard to implement once you get the hang of it. Anyway you don't need to turn it off, you can always ser it to debug mode and analyze the logs to see what it is blocking. All you have to do after that is to set some rules according to that to allow what is Moodle related.

Of course that if you have your Moodle always up to date, it is pretty safe. But be aware because there a lot of updates!

hth

ED

Average of ratings: -