Add note to reverse_proxy.md about disabling Apache's mod_security2 (#8375)

This change adds a note and a few lines of configuration settings for Apache users to disable ModSecurity for Synapse's virtual hosts. With ModSecurity enabled and running with its default settings, Matrix clients are unable to send chat messages through the Synapse installation. With this change, ModSecurity can be disabled only for the Synapse virtual hosts.
author: Julian Fietkau <1278511+jfietkau@users.noreply.github.com> 2020-09-23 12:14:08 +0200
committer: GitHub <noreply@github.com> 2020-09-23 11:14:08 +0100
commit: a4e63e5a47a855884ae3aea41dfbfa464bddb744 (patch)
tree: 8f377a9cf50908bdd6c85096f27e207956b880de /docs
parent: Fixed a bug with reactivating users with the admin API (#8362) (diff)
download: synapse-a4e63e5a47a855884ae3aea41dfbfa464bddb744.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md
index edd109fa7b..46d8f35771 100644
--- a/docs/reverse_proxy.md
+++ b/docs/reverse_proxy.md
@@ -121,6 +121,14 @@ example.com:8448 {
 
 **NOTE**: ensure the  `nocanon` options are included.
 
+**NOTE 2**: It appears that Synapse is currently incompatible with the ModSecurity module for Apache (`mod_security2`). If you need it enabled for other services on your web server, you can disable it for Synapse's two VirtualHosts by including the following lines before each of the two `</VirtualHost>` above:
+
+```
+<IfModule security2_module>
+    SecRuleEngine off
+</IfModule>
+```
+
 ### HAProxy
 
 ```
author	Julian Fietkau <1278511+jfietkau@users.noreply.github.com>	2020-09-23 12:14:08 +0200
committer	GitHub <noreply@github.com>	2020-09-23 11:14:08 +0100
commit	a4e63e5a47a855884ae3aea41dfbfa464bddb744 (patch)
tree	8f377a9cf50908bdd6c85096f27e207956b880de /docs
parent	Fixed a bug with reactivating users with the admin API (#8362) (diff)
download	synapse-a4e63e5a47a855884ae3aea41dfbfa464bddb744.tar.xz