CentOS – can I disable a ModSecurity rule via .htaccess

apache-2.2 centos mod-security plesk

On a new server for my website, running CentOS, when I try to upload an image via PHP and the file name contains a special character, like "my'file.jpg", I get a forbidden page and I can't even try to handle the error via PHP.

In the log files I find:

ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/etc/httpd/modsec/00_asl_zz_strict.conf"] [line "53"] [id "330793"] [rev "2"] [msg "Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM , IQ 1, IH 0, IP 0, FL 0"] [severity "CRITICAL"]

Before contacting the server support team, I would like to know if I can disable this rule for some directories via .htaccess or via the Plesk 12 panel.

I tried adding this to the .htaccess in the root folder, found in a similar question, but I get an internal server error page:

<Directory /var/www/vhosts/mydomain.com/httpdocs/test-file-upl>
 <IfModule security2_module>
    SecRuleRemoveById 330793        
 </IfModule>
</Directory>

In the logs I found:

[core:alert] /var/www/vhosts/mydomain.com/httpdocs/.htaccess: <Directory not allowed here

The error seems to appear even if I delete the IfModule security2_module part.

Best Answer

You can't use Directory directives in .htaccess files.

The scope of settings in .htaccess files is already defined by the directory the .htaccess file is found in.

In other words the settings in /var/www/vhosts/mydomain.com/httpdocs/.htaccess are valid for the directory /var/www/vhosts/mydomain.com/httpdocs/ and all subdirectories therein.

If you want to apply settings to /var/www/vhosts/mydomain.com/httpdocs/test-file-upl you'll need to put your settings in a /var/www/vhosts/mydomain.com/httpdocs/test-file-upl/.htaccess file instead, which would look like:

<IfModule security2_module>
    SecRuleRemoveById 330793        
</IfModule>

(Or even better, don't rely on .htaccess files at all and include your settings in your Apache configuration files.)
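The check below is an added example, not part of the original answer: a small linter that finds section containers Apache accepts only in server or virtual-host configuration (the cause of the "<Directory not allowed here" alert) and, for a literal `<Directory>` path, names the .htaccess file the enclosed directives belong in. The function name `lint_htaccess` and the finding fields are hypothetical; the sample input is the .htaccess from the question.

```python
import re
from pathlib import PurePosixPath

# Section containers Apache accepts only in server/vhost config, not in .htaccess.
SERVER_ONLY = {"directory", "directorymatch", "location", "locationmatch", "virtualhost"}
OPEN = re.compile(r"^<\s*([A-Za-z]\w*)\s*(.*?)\s*>$")
CLOSE = re.compile(r"^</\s*([A-Za-z]\w*)\s*>$")

# Constructed sample: the .htaccess content from the question above.
BROKEN = """\
<Directory /var/www/vhosts/mydomain.com/httpdocs/test-file-upl>
 <IfModule security2_module>
    SecRuleRemoveById 330793
 </IfModule>
</Directory>
"""

def lint_htaccess(text):
    """Return one finding per server-only container found in .htaccess text."""
    findings, current, depth = [], None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened, closed = OPEN.match(line), CLOSE.match(line)
        if current is None:
            if opened and opened.group(1).lower() in SERVER_ONLY:
                arg = opened.group(2).strip('"')
                # Only a literal <Directory> path maps onto a .htaccess location.
                literal = opened.group(1).lower() == "directory" and arg.startswith("/") and not set(arg) & set("*?[")
                current = {"line": lineno, "container": opened.group(1), "body": [],
                           "move_to": str(PurePosixPath(arg) / ".htaccess") if literal else None}
                depth = 1
            continue
        name = current["container"].lower()
        if opened and opened.group(1).lower() == name:
            depth += 1
        elif closed and closed.group(1).lower() == name:
            depth -= 1
            if depth == 0:
                findings.append(current)
                current = None
                continue
        current["body"].append(line)  # directives to relocate, wrappers included
    if current is not None:
        findings.append(current)  # container was never closed
    return findings

if __name__ == "__main__":
    print(lint_htaccess(BROKEN))
```

A finding with `move_to` set to `None` (a `<Location>`, a wildcard or regex `<Directory>`) has no .htaccess equivalent and has to go into the server or virtual-host configuration.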
