Announcement

Collapse
No announcement yet.

How to disable mod_security from .htaccess?

Collapse

Unconfigured Ad Widget

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to disable mod_security from .htaccess?

    WordPress Hosting on SSD Servers
    How to disable mod_security from .htaccess in Linux?

    ModSecurity is an open source embeddable web application firewall, or intrusion detection and prevention engine for web applications
    ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure, by operating as an Apache Web server module mod_security or standalone, and thus increase web application security.
    Marc_AccuWebHosting
    Member
    Last edited by Marc_AccuWebHosting; 01-03-2018, 04:59 PM.

  • #2
    Re: How to disable mod_security from .htaccess?

    Hi,

    Just add the following code in your .htaccess:

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    Comment


    • #3
      Re: How to disable mod_security from .htaccess?

      It is quite common that mod_security is interfering the functions of your web applications. mod_security is installed and enabled by your web server admin but you can still disable it for your individual website using .htaccess file by following this tutorial.

      Comment


      • #4
        Re: How to disable mod_security from .htaccess?

        Hi,

        If your domain hosted server is using Apache version 1 than you can only disable the mod security via .htaccess file but if your domain hosted server is using Apache version 2 than you can disable the mod security by using following code in servers main httpd.conf file under your domains virtual host entry.

        <IfModule mod_security2.c>
        SecRuleEngine Off
        </IfModule>

        Comment


        • #5
          Re: How to disable mod_security from .htaccess?

          mod_security is used to protect our website but it might cause some problems for certain web applications, especially in file uploads. My server has mod_security enabled and I encountered WordPress upload error: HTTP error
          admin
          Administrator
          Last edited by admin; 08-14-2015, 09:32 AM.

          Comment


          • #6
            Re: How to disable mod_security from .htaccess?

            Originally posted by ryan View Post
            How to disable mod_security from .htaccess?

            odSecurity is an open source embeddable web application firewall, or intrusion detection and prevention engine for web applications
            ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure, by operating as an Apache Web server
            module mod_security or standalone, and thus increase web application security
            If you’re using Apache web server (which mostly do), mod_security can be disabled by adding a specific in .htaccess file. Locate the .htaccess file in Apache web
            root directory (public_html or /var/www/ or others), if it does not exist, create a new file named .htaccess, and add in the following code:

            SecFilterEngine Off
            SecFilterScanPOST Off

            The above entries in the .htaccess will disable the ModSecurity (mod_security) module for the domain.
            I would like to recommend every one, do not disable the mod security for whole hosting account under which you are facing the problem. You can ask your host to disable the offending mod security rule because mod security is one of the greatest security tool to secure the web content to be hacked/injected..
            linux7802
            Junior Member
            Last edited by linux7802; 01-06-2012, 09:41 AM. Reason: bold character

            Comment


            • #7
              By Using this Code
              <IfModule mod_security2.c>
              SecRuleEngine Off
              </IfModule> you can secure your .htacess files Hire Linux Reseller Hosting with geturweb at best and affordable prices

              Comment


              • #8
                To Disable mod security

                <IfModule mod_security2.c>
                SecRuleEngine Off
                </IfModule>


                Regards,
                Christian
                System Admin

                Comment


                • #9
                  I generally first setup mod_security with EasyApache and the manually recompile and install mod_security over and replacing the Cpanel installation patched instead to disallow .htaccess overrides.

                  Comment


                  • #10
                    It is possible to do this, but most likely your host implemented mod_security for a reason. Be sure they approve of you disabling it for your own site.
                    That said, this should do it;
                    <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> I hope this helps

                    Comment


                    • #11
                      Web Hosting @ $5.95/Month
                      Create a .htaccess file in the root of your web directory. Then add the following:

                      <IfModule mod_security.c>

                      SecFilterEngine Off

                      SecFilterScanPOST Off

                      </IfModule>

                      Comment

                      Working...
                      X

                      Sign up for a News Letter Click here to sign up