How to disable mod_security from .htaccess?

**d2hsean** · 02-05-2010, 11:42 PM

Re: How to disable mod_security from .htaccess?

Hi,

Just add the following code in your .htaccess:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

**Nashflower** · 07-27-2010, 11:33 PM

Re: How to disable mod_security from .htaccess?

It is quite common that mod_security is interfering the functions of your web applications. mod_security is installed and enabled by your web server admin but you can still disable it for your individual website using .htaccess file by following this tutorial.

**linux7802** · 10-09-2010, 02:28 PM

Re: How to disable mod_security from .htaccess?

Hi,

If your domain hosted server is using Apache version 1 than you can only disable the mod security via .htaccess file but if your domain hosted server is using Apache version 2 than you can disable the mod security by using following code in servers main httpd.conf file under your domains virtual host entry.

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

**Crish Bronzs** · 02-18-2011, 01:51 AM

Re: How to disable mod_security from .htaccess?

mod_security is used to protect our website but it might cause some problems for certain web applications, especially in file uploads. My server has mod_security enabled and I encountered WordPress upload error: HTTP error

**linux7802** · 01-06-2012, 09:40 AM

Re: How to disable mod_security from .htaccess?

Originally posted by ryan View Post

How to disable mod_security from .htaccess?

odSecurity is an open source embeddable web application firewall, or intrusion detection and prevention engine for web applications
ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure, by operating as an Apache Web server
module mod_security or standalone, and thus increase web application security
If you’re using Apache web server (which mostly do), mod_security can be disabled by adding a specific in .htaccess file. Locate the .htaccess file in Apache web
root directory (public_html or /var/www/ or others), if it does not exist, create a new file named .htaccess, and add in the following code:

SecFilterEngine Off
SecFilterScanPOST Off

The above entries in the .htaccess will disable the ModSecurity (mod_security) module for the domain.

I would like to recommend every one, do not disable the mod security for whole hosting account under which you are facing the problem. You can ask your host to disable the offending mod security rule because mod security is one of the greatest security tool to secure the web content to be hacked/injected..

**geturweb** · 03-03-2016, 02:29 AM

By Using this Code
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule> you can secure your .htacess files Hire Linux Reseller Hosting with geturweb at best and affordable prices

**ChristianC123** · 06-11-2017, 05:14 PM

To Disable mod security

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

Regards,
Christian
System Admin

**stanliv** · 10-06-2019, 02:12 PM

I generally first setup mod_security with EasyApache and the manually recompile and install mod_security over and replacing the Cpanel installation patched instead to disallow .htaccess overrides.

**RuskinF** · 05-26-2020, 11:05 AM

It is possible to do this, but most likely your host implemented mod_security for a reason. Be sure they approve of you disabling it for your own site.
That said, this should do it;
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> I hope this helps

**WarnerK** · 06-04-2020, 04:29 AM

Create a .htaccess file in the root of your web directory. Then add the following:

<IfModule mod_security.c>

SecFilterEngine Off

SecFilterScanPOST Off

</IfModule>

How to disable mod_security from .htaccess?

Unconfigured Ad Widget

How to disable mod_security from .htaccess?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment