How to disable mod_security from .htaccess?

Collapse

Unconfigured Ad Widget

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • ryan
    Member
    • Jun 2008
    • 96

    How to disable mod_security from .htaccess?

    How to disable mod_security from .htaccess in Linux?

    ModSecurity is an open source embeddable web application firewall, or intrusion detection and prevention engine for web applications
    ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure, by operating as an Apache Web server module mod_security or standalone, and thus increase web application security.
    Last edited by Marc_AccuWebHosting; 01-03-2018, 04:59 PM.
  • d2hsean
    Junior Member
    • Jan 2010
    • 10

    #2
    Re: How to disable mod_security from .htaccess?

    Hi,

    Just add the following code in your .htaccess:

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    Comment

    • Nashflower
      Junior Member
      • May 2010
      • 3

      #3
      Re: How to disable mod_security from .htaccess?

      It is quite common that mod_security is interfering the functions of your web applications. mod_security is installed and enabled by your web server admin but you can still disable it for your individual website using .htaccess file by following this tutorial.

      Comment

      • linux7802
        Junior Member
        • Dec 2009
        • 16

        #4
        Re: How to disable mod_security from .htaccess?

        Hi,

        If your domain hosted server is using Apache version 1 than you can only disable the mod security via .htaccess file but if your domain hosted server is using Apache version 2 than you can disable the mod security by using following code in servers main httpd.conf file under your domains virtual host entry.

        <IfModule mod_security2.c>
        SecRuleEngine Off
        </IfModule>

        Comment

        • Crish Bronzs
          Member
          • Jan 2011
          • 40

          #5
          Re: How to disable mod_security from .htaccess?

          mod_security is used to protect our website but it might cause some problems for certain web applications, especially in file uploads. My server has mod_security enabled and I encountered WordPress upload error: HTTP error
          Last edited by admin; 08-14-2015, 09:32 AM.

          Comment

          • linux7802
            Junior Member
            • Dec 2009
            • 16

            #6
            Re: How to disable mod_security from .htaccess?

            Originally posted by ryan View Post
            How to disable mod_security from .htaccess?

            odSecurity is an open source embeddable web application firewall, or intrusion detection and prevention engine for web applications
            ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure, by operating as an Apache Web server
            module mod_security or standalone, and thus increase web application security
            If you’re using Apache web server (which mostly do), mod_security can be disabled by adding a specific in .htaccess file. Locate the .htaccess file in Apache web
            root directory (public_html or /var/www/ or others), if it does not exist, create a new file named .htaccess, and add in the following code:

            SecFilterEngine Off
            SecFilterScanPOST Off

            The above entries in the .htaccess will disable the ModSecurity (mod_security) module for the domain.
            I would like to recommend every one, do not disable the mod security for whole hosting account under which you are facing the problem. You can ask your host to disable the offending mod security rule because mod security is one of the greatest security tool to secure the web content to be hacked/injected..
            Last edited by linux7802; 01-06-2012, 09:41 AM. Reason: bold character

            Comment

            • geturweb
              Junior Member
              • Mar 2016
              • 1

              #7
              By Using this Code
              <IfModule mod_security2.c>
              SecRuleEngine Off
              </IfModule> you can secure your .htacess files Hire Linux Reseller Hosting with geturweb at best and affordable prices

              Comment

              • ChristianC123
                Junior Member
                • Jun 2017
                • 1

                #8
                To Disable mod security

                <IfModule mod_security2.c>
                SecRuleEngine Off
                </IfModule>


                Regards,
                Christian
                System Admin

                Comment

                • stanliv
                  Junior Member
                  • Oct 2019
                  • 3

                  #9
                  I generally first setup mod_security with EasyApache and the manually recompile and install mod_security over and replacing the Cpanel installation patched instead to disallow .htaccess overrides.

                  Comment

                  • RuskinF
                    Banned
                    • May 2020
                    • 18

                    #10
                    It is possible to do this, but most likely your host implemented mod_security for a reason. Be sure they approve of you disabling it for your own site.
                    That said, this should do it;
                    <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> I hope this helps

                    Comment

                    • WarnerK
                      Banned
                      • May 2020
                      • 34

                      #11
                      AccuWeb.Cloud
                      Create a .htaccess file in the root of your web directory. Then add the following:

                      <IfModule mod_security.c>

                      SecFilterEngine Off

                      SecFilterScanPOST Off

                      </IfModule>

                      Comment

                      Working...
                      X