On new server for my website, a centOS, when i try to upload an image via PHP and the file name contains a special character, like "my'file.jpg", i get a forbidden page and i can't even try to handle the error via PHP
in log files i find
ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/etc/httpd/modsec/00_asl_zz_strict.conf"] [line "53"] [id "330793"] [rev "2"] [msg "Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM , IQ 1, IH 0, IP 0, FL 0"] [severity "CRITICAL"]
before contacting server support team i would like to know if i can disable this rule for some directories via .htaccess or via Plesk 12 panel
I tried to add this in .htaccess in root folder, found from a similar question, but I get an internal sever error page
<Directory /var/www/vhosts/mydomain.com/httpdocs/test-file-upl>
<IfModule security2_module>
SecRuleRemoveById 330793
</IfModule>
</Directory>
in logs i found
[core:alert] /var/www/vhosts/mydomain.com/httpdocs/.htaccess: <Directory not allowed here
the error seem to appear even if i delete the IfModule security2_module part
Best Answer
You can't use
Directory
directives in.htaccess
files.The scope of settings in
.htaccess
files is already defined by the directory the.htaccess
file is found in.In other words the settings in
/var/www/vhosts/mydomain.com/httpdocs/.htaccess
are valid for the directory/var/www/vhosts/mydomain.com/httpdocs/
and all subdirectories therein.If you want to apply settings to /var/www/vhosts/mydomain.com/httpdocs/test-file-upl you'll need to put your settings in a
/var/www/vhosts/mydomain.com/httpdocs/test-file-upl/.htaccess
file instead, which would look like:(Or even better, don't rely on .htaccess files at all and include your settings in your apache configuration files. )