Oct 02 2008
If you’re going to be using Drupal with mod_security, making the following changes will probably save you some frustration later.
<LocationMatch "/">
SecRuleRemoveById 960010
SecRuleRemoveById 960015
SecRuleRemoveById 960032
SecRuleRemoveById 950107
</LocationMatch>
Also, set SecResponseBodyLimit and SecRequestBodyInMemoryLimit to something like 51200000 and 12288000 respectively. They may seem a bit high, but if you’re managing a lot of Drupal users and permissions, I’ve run into problems with them.
Happy Drupal-ing.
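
Before removing the four rules for every URL, it helps to see which of them actually fire and on which paths. The script below is an added example, not part of the original post: it tallies ModSecurity entries from an Apache error log by rule ID and URI, assuming the ModSecurity 2.x `[id "..."]` and `[uri "..."]` log fields; the sample log lines, hostnames and message texts are constructed.

```python
import re
from collections import defaultdict

# The four rule IDs the post removes for the whole site.
POST_RULE_IDS = {"960010", "960015", "960032", "950107"}

# ModSecurity 2.x writes its metadata as [key "value"] pairs in the error log.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample lines (not from a real server); msg texts are placeholders.
SAMPLE_LOG = """\
[Thu Oct 02 10:01:11 2008] [error] [client 192.0.2.10] ModSecurity: Access denied with code 501 (phase 2). [id "960010"] [msg "sample A"] [hostname "example.org"] [uri "/node/add/page"]
[Thu Oct 02 10:01:15 2008] [error] [client 192.0.2.10] ModSecurity: Access denied with code 501 (phase 2). [id "960010"] [msg "sample A"] [hostname "example.org"] [uri "/node/add/page?destination=admin"]
[Thu Oct 02 10:05:00 2008] [error] [client 192.0.2.44] ModSecurity: Warning. [id "960015"] [msg "sample B"] [hostname "example.org"] [uri "/cron.php"]
[Thu Oct 02 10:06:30 2008] [error] [client 192.0.2.77] ModSecurity: Access denied with code 501 (phase 2). [id "999999"] [msg "sample C"] [hostname "example.org"] [uri "/user/login"]
[Thu Oct 02 10:06:31 2008] [error] [client 192.0.2.77] Premature end of script headers: index.php
"""


def tally(log_text, rule_ids=POST_RULE_IDS):
    """Return {rule_id: {path: hits}} for log entries matching rule_ids."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # ordinary Apache error, not a rule match
        fields = dict(FIELD_RE.findall(line))
        rid = fields.get("id")
        if rid in rule_ids:
            # Drop the query string so hits group by path.
            path = fields.get("uri", "?").split("?", 1)[0]
            hits[rid][path] += 1
    return {rid: dict(paths) for rid, paths in hits.items()}


def never_fired(log_text, rule_ids=POST_RULE_IDS):
    """Rule IDs from the list that produced no log entry at all."""
    return sorted(set(rule_ids) - set(tally(log_text, rule_ids)))


if __name__ == "__main__":
    for rid, paths in sorted(tally(SAMPLE_LOG).items()):
        for path, count in sorted(paths.items()):
            print(f"{rid}  {count:4d}  {path}")
    print("no hits:", ", ".join(never_fired(SAMPLE_LOG)) or "none")
```

A rule that never appears in the log needs no exclusion, and a rule that fires on only a few paths can be removed in a LocationMatch narrower than "/".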

[...] Go to the author’s original blog: mod_security and Drupal 6.2 issues. [...]
Hi!
Please explain to me why. What are these rules watching, and which function are they blocking?
Hi,
It would be great if you can post on why these rules are required. They were quite helpful for me. I linked them from this post http://drupal.org/node/717738#comment-2622358 but I'm not so sure how to explain them.
[...] gotten quite a few emails regarding my last post about Drupal and mod_security, and what those rules I'm removing actually do. Well, I'll [...]
After doing an hour of web research on this, here’s what I think is going on.
mod_security on Dreamhost (and possibly other hosting providers) ships with default rules that will intermittently bite Drupal users. Each of these rules is just a regex match on text in a node, or the URL being requested. The rule is triggered intermittently – a reload usually solves the problem (and fails to trigger the rule).
The “page” that is “not found” is not actually the page the user is looking for. It’s internal_error.html that is to be served when PHP dies prematurely, on account of being blocked by mod_security for this request. Creating the internal_error.html file in the Drupal root should fix that problem.
You can add the rules above to your .htaccess file for your site, if you don’t have root permissions on your server. Instead of using LocationMatch, which is not valid for .htaccess, use this instead:
SecRuleRemoveById 960010
SecRuleRemoveById 960015
SecRuleRemoveById 960032
SecRuleRemoveById 950107
Hope that helps. I have just made the change on my web server, and am waiting to see if any additional mod_security errors will be generated. (They look like “Premature end of script headers” in the httpd error.log.)