Disabling mod_security
By Paul
Oct 11, 2012 (Edited Feb 03, 2014)
The so-called web application firewall mod_security is deployed by many web hosts, each with different rule sets. Although the core ruleset shipping with mod_security works great with WSN, many web hosts employ over-aggressive rulesets which kill all sorts of legitimate pages for such offenses as using a particular field name or uploading a file or typing something that looks like SQL in a form. If you're seeing 500 internal server errors or 403 forbidden errors which seem to happen randomly or when you type certain things in a form, it's likely you're seeing mod_security at work. In order to ensure that your site works correctly, you'll need to either get the ruleset fixed or get mod_security disabled.
Previously it was possible to disable it with an .htaccess file, but most web hosts now use mod_security 2, which can't be disabled from an .htaccess file. Your only option is to ask your web host to disable the rule that was triggered on the particular page where you see the error (or at least get them to say which rule was triggered and convey that to WSN support), or to ask your web host to disable mod_security entirely for your account.
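If your host gives you access to the Apache error log, you can read the triggered rule id from it yourself before contacting them. The script below is an added example, not part of the original article or of WSN; it assumes the mod_security 2 error-log layout, and the sample log lines, rule ids, paths and hostnames in it are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the mod_security 2 Apache error-log layout.
# Rule ids, file paths and hostnames are made up for illustration.
SAMPLE_LOG = """\
[Thu Oct 11 10:12:01 2012] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "select.+from" at ARGS:description. [file "/etc/modsec/host_rules.conf"] [line "42"] [id "900101"] [msg "SQL-like text in form field"] [hostname "example.com"] [uri "/suggest.php"] [unique_id "AAAA"]
[Thu Oct 11 10:12:05 2012] [error] [client 203.0.113.5] File does not exist: /home/user/public_html/favicon.ico
[Thu Oct 11 10:14:30 2012] [error] [client 203.0.113.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "select.+from" at ARGS:description. [file "/etc/modsec/host_rules.conf"] [line "42"] [id "900101"] [msg "SQL-like text in form field"] [hostname "example.com"] [uri "/suggest.php"] [unique_id "BBBB"]
[Thu Oct 11 10:15:02 2012] [error] [client 203.0.113.9] ModSecurity: Warning. Pattern match "admin" at ARGS:q. [file "/etc/modsec/host_rules.conf"] [line "77"] [id "900200"] [msg "Suspicious keyword"] [hostname "example.com"] [uri "/index.php"] [unique_id "CCCC"]
[Thu Oct 11 10:20:11 2012] [error] [client 203.0.113.7] ModSecurity: Access denied with code 500 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsec/host_rules.conf"] [line "90"] [id "900305"] [msg "Upload rejected"] [hostname "example.com"] [uri "/upload.php"] [unique_id "DDDD"]
"""

# Metadata fields look like [name "value"]; values may contain escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENIED = re.compile(r"ModSecurity: Access denied with code (\d{3})")


def parse_line(line):
    """Return status, rule id, message and URI for a blocked request, else None."""
    m = DENIED.search(line)
    if not m:
        return None  # unrelated error, or a non-blocking "Warning." entry
    fields = dict(FIELD.findall(line))
    return {"status": int(m.group(1)), "id": fields.get("id"),
            "msg": fields.get("msg"), "uri": fields.get("uri")}


def summarize(log_text):
    """Count blocked requests per (rule id, URI, HTTP status)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["id"]:
            hits[(rec["id"], rec["uri"], rec["status"])] += 1
    return hits


def report(log_text):
    """One line per rule and page, most frequent first, to send to the host."""
    return [f"rule {rid} blocked {uri} with {status} ({n}x)"
            for (rid, uri, status), n in summarize(log_text).most_common()]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Sending the host the rule id together with the affected page lets them remove that one rule for your account instead of turning mod_security off entirely.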
Description: Stopping mod_security from killing pages with 403s or blanks.