Databases
StackOverflow2013
Postsdbo
POHow to disable mod_security and mod_security2 in .htaccess
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow to disable mod_security and mod_security2 in .htaccess
    primarykey
    data
    text
    <p>I've created a Wordpress plugin which became popular but I'm getting lots of complaints that it's not working. After logging in to many user's WP websites(after asking for admin password) I noticed that the last problem I can't easily solve is mod_security and mod_security2 blocking some AJAX requests or .htaccess which is causing 500 error on some configurations.</p> <p>So first of all why is this piece of code causing some servers to return 500 error</p> <pre><code>&lt;IfModule mod_security2.c&gt; SecRuleRemoveById 300015 SecRuleRemoveById 300016 SecRuleRemoveById 300017 SecRuleRemoveById 950907 SecRuleRemoveById 950005 SecRuleRemoveById 950006 SecRuleRemoveById 960008 SecRuleRemoveById 960011 SecRuleRemoveById 960904 SecRuleRemoveById phpids-17 SecRuleRemoveById phpids-20 SecRuleRemoveById phpids-21 SecRuleRemoveById phpids-30 SecRuleRemoveById phpids-61 </code></pre> <p> on other servers removing rules by id this way is causing 500 error:</p> <pre><code>&lt;IfModule mod_security.c&gt; SecRuleRemoveById 300015 ... SecRuleRemoveById phpids-61 &lt;/IfModule&gt; </code></pre> <p>so for now the only working thing which is not causing any server to crash is</p> <pre><code>&lt;IfModule mod_security.c&gt; SecFilterEngine Off SecFilterScanPOST Off &lt;/IfModule&gt; </code></pre> <p>but it's not enough for servers with mod_security2 !</p> <p>How to write a cross-server .htaccess file, and what IF conditions should I add to disable mod_security and mod_security2 anywhere where it applies and not cause 500 errors on other configurations?</p> <p>Edit: Not only in Apache. Anywhere where .htaccess is used.</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USPawel
    1. USPawel
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POHow to disable mod_security and mod_security2 in .htaccess
      1. USPawel
      1. VTBountyStart
    2. VO
      singulars
      1. POHow to disable mod_security and mod_security2 in .htaccess
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POHow to disable mod_security and mod_security2 in .htaccess
      1. This table or related slice is empty.
      1. VTUpMod
    1. COIf a hoster uses mod_security in their environment, I guess they do it for a reason – so I doubt they would let just anyone disable it or alter its configuration via htaccess.
      singulars
      1. POHow to disable mod_security and mod_security2 in .htaccess
      1. USCBroe
    2. CO@CBroe mod_security is a good thing but it's set as a general rule for entire server that's why it's possible to make exceptions using htaccess. It's also buggy(sometimes allowing and denying access randomly) and breaks POST requests made with AJAX. This is a common problem in Wordpress plugins and most people using Wordpress don't know what mod_security is and blame plugin developers for their "broken" plugins.
      singulars
      1. POHow to disable mod_security and mod_security2 in .htaccess
      1. USPawel
    3. CO@Pawel: It is not always possible to solve communication and social problems with a technical measurement. Instead compile an easy to understand warticle that describes the issue, how a user can find out if the problem experienced is that problem, how to contact their hosters and what to ask them. Then kindly offer further individual support at the end of the document and your terms and conditions. If the plugins users are choosing such hosting, it's not your duty to patch around it. Same applies to Wordpress, too. And your users love this patchwork, otherwise they would not choose WP.
      singulars
      1. POHow to disable mod_security and mod_security2 in .htaccess
      1. UShakre
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload