How to disable mod_security in .htaccess file

5 Flares Twitter 0 Facebook 4 Google+ 0 Pin It Share 1 5 Flares ×

It is quite common that mod_security is interfering the functions of your web applications. mod_security is installed and enabled by your web server admin but you can still disable it for your individual website using .htaccess file by following this tutorial.

mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications.” — HowtoForge

Disable mod_security in .htaccess file

  1. If you do not have one yet, an .htaccess file in the folder of your web application
  2. To disable mod_security COMPLETELY, add the following line to the .htaccess file:
    SecFilterEngine Off
    OR, to disable HTTP POST scanning only, use the following instead:
    SecFilterScanPOST Off
  3. Save the file and test your web application to check whether disabling mod_security has solved your problem.

I recommend you to try SecFilterScanPOST Off first, instead of disabling mod_security completely.

My two cents

mod_security is good to protect your website but it might cause some problems for certain web applications, especially in file uploads. My server has mod_security enabled and I encountered WordPress upload error: “HTTP error”. The SecFilterScanPOST Off solved the problem immediately. :)

5 Flares Twitter 0 Facebook 4 Google+ 0 Pin It Share 1 5 Flares ×

24 Responses to How to disable mod_security in .htaccess file

  1. Apple May 12, 2008 at 8:17 am #

    After upgrading to WP2.5, I also have the same HTTP error problem when I want to upload files to my host via WP. I tried the fix posted by HongKiat and even tried your solution, it all didn’t work and giving me a 500 internal server error.

    I already have a .htaccess file with the following setting:
    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /blog/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /blog/index.php [L]

    # END WordPress

    Any idea how I can fix this problem?

  2. Noorizam Shah May 12, 2008 at 8:44 am #

    until now, i still dont know how to solve this problem.

  3. Neo May 12, 2008 at 1:02 pm #

    This is one tactic that all web site owners should know.

  4. Syahid A. May 12, 2008 at 1:04 pm #

    I’ve experienced the same problem too and this is how I solve the problem. Nice to share it, Liew.

  5. zaifulzin May 13, 2008 at 1:45 am #

    Apple you should refer to your hosting technical support, some hosting not allowed full access to modified htaccess file. Some of recommend to me by other user before is to change the file name from .htaccess to _htaccess. I didnt try but you can try it yourself coz my problem solved when i file a complain to my hosting technical support. I believe they will do it for you.

    Zaiful Zin

  6. Apple May 13, 2008 at 5:16 am #

    @zaifulzin ,
    Thank you for the suggestion. I tried to contact my hosting technical support before, but I haven’t receive any feedback. Perhaps I should try again.

  7. nasrun May 13, 2008 at 11:49 am #

    Sorry for asking, I am newbies.

    Why should we disable this function? It is good for our website or blog?

  8. Diana Tan May 13, 2008 at 2:20 pm #

    I recently had to add some codes to my .htaccess to stop a redirection put in by an unauthorised bloke.

  9. LcF May 13, 2008 at 7:11 pm #

    @nasrun: mod_security is good to protect your website. However, if it conflict with your web application, we have to disable it. It is better to have mod_security enabled if you have the choice.

  10. nasrun May 13, 2008 at 7:18 pm #

    Thanks LiewCF for the information. It is very usefull..

  11. dicky May 14, 2008 at 4:14 pm #

    Doing so will immediately solve the file/image uploading problem. I face this problem before but after disable mod_security, i manage to solve this issue.

  12. e1d May 15, 2008 at 10:15 am #

    I think wordpress should create a default .htaccess file and put it together with thier installation. Because wordpress developer know their products so well and know whats good and whats bad for wordpress.

Add a comment

5 Flares Twitter 0 Facebook 4 Google+ 0 Pin It Share 1 5 Flares ×