Latest Register Log In

+ Advanced Search

Disabling mod_security

Disabling mod_security
By
Oct 11, 2012 (Edited Feb 03, 2014)

The so-called web application firewall mod_security is deployed by many web hosts, each with different rule sets. Although the core ruleset shipping with mod_security works great with WSN, many web hosts employ over-aggressive rulesets which kill all sorts of legitimate pages for such offenses as using a particular field name or uploading a file or typing something that looks like SQL in a form. If you're seeing 500 internal server errors or 403 forbidden errors which seem to happen randomly or when you type certain things in a form, it's likely you're seeing mod_security at work. In order to ensure that your site works correctly, you'll need to either get the ruleset fixed or get mod_security disabled.

reviously it was possible to disable with an .htaccess file, but most web hosts are now using mod_security 2 which can't be disabled from an .htaccess. Your only option is to ask your web host to disable the rule that was triggered on the particular page you see the error (or at least get them to say what rule was triggered and convey that to WSN support), or to ask your web host to disable mod_security entirely for your account.




Description Stopping mod_security from killing pages with 403s or blanks.
Rating
Views 282 views. Averaging 0 views per day.