It is quite common that mod_security is interfering the functions of your web applications. mod_security is installed and enabled by your web server admin but you can still disable it for your individual website using .htaccess file by following this tutorial.
“
mod_securityis an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications.” — HowtoForge
Disable mod_security in .htaccess file
- If you do not have one yet, an
.htaccessfile in the folder of your web application - To disable
mod_securityCOMPLETELY, add the following line to the .htaccess file:
SecFilterEngine Off
OR, to disable HTTP POST scanning only, use the following instead:
SecFilterScanPOST Off - Save the file and test your web application to check whether disabling
mod_securityhas solved your problem.
I recommend you to try SecFilterScanPOST Off first, instead of disabling mod_security completely.
My two cents
mod_security is good to protect your website but it might cause some problems for certain web applications, especially in file uploads. My server has mod_security enabled and I encountered WordPress upload error: “HTTP error”. The SecFilterScanPOST Off solved the problem immediately. 
After upgrading to WP2.5, I also have the same HTTP error problem when I want to upload files to my host via WP. I tried the fix posted by HongKiat and even tried your solution, it all didn’t work and giving me a 500 internal server error.
I already have a .htaccess file with the following setting:
# BEGIN WordPress
RewriteEngine On
RewriteBase /blog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
# END WordPress
Any idea how I can fix this problem?
until now, i still dont know how to solve this problem.
This is one tactic that all web site owners should know.
I’ve experienced the same problem too and this is how I solve the problem. Nice to share it, Liew.
Apple you should refer to your hosting technical support, some hosting not allowed full access to modified htaccess file. Some of recommend to me by other user before is to change the file name from .htaccess to _htaccess. I didnt try but you can try it yourself coz my problem solved when i file a complain to my hosting technical support. I believe they will do it for you.
Zaiful Zin
@zaifulzin ,
Thank you for the suggestion. I tried to contact my hosting technical support before, but I haven’t receive any feedback. Perhaps I should try again.
Sorry for asking, I am newbies.
Why should we disable this function? It is good for our website or blog?
I recently had to add some codes to my .htaccess to stop a redirection put in by an unauthorised bloke.
@nasrun: mod_security is good to protect your website. However, if it conflict with your web application, we have to disable it. It is better to have mod_security enabled if you have the choice.
Thanks LiewCF for the information. It is very usefull..
Doing so will immediately solve the file/image uploading problem. I face this problem before but after disable mod_security, i manage to solve this issue.
I think wordpress should create a default .htaccess file and put it together with thier installation. Because wordpress developer know their products so well and know whats good and whats bad for wordpress.