It is quite common that
mod_security is interfering the functions of your web applications.
mod_security is installed and enabled by your web server admin but you can still disable it for your individual website using
.htaccess file by following this tutorial.
mod_securityis an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications.” — HowtoForge
Disable mod_security in .htaccess file
- If you do not have one yet, an
.htaccessfile in the folder of your web application
- To disable
mod_securityCOMPLETELY, add the following line to the .htaccess file:
OR, to disable HTTP POST scanning only, use the following instead:
- Save the file and test your web application to check whether disabling
mod_securityhas solved your problem.
I recommend you to try
SecFilterScanPOST Off first, instead of disabling
My two cents
mod_security is good to protect your website but it might cause some problems for certain web applications, especially in file uploads. My server has mod_security enabled and I encountered WordPress upload error: “HTTP error”. The
SecFilterScanPOST Off solved the problem immediately.