
How can I disable mod_security in .htaccess file?

How can we disable mod_security by using .htaccess file on Apache server?

I am using WordPress on my personal domain and posting a post whose content has a code block. According to my hosting provider, mod_security gives an error, and my IP has gone into the firewall because of mod_security.

So I want to disable mod_security by using .htaccess file.

Gaurav Agrawal asked Oct 17 '12 06:10



2 Answers

It is possible to do this, but most likely your host implemented mod_security for a reason. Be sure they approve of you disabling it for your own site.

That said, this should do it;

    <IfModule mod_security.c>
      SecFilterEngine Off
      SecFilterScanPOST Off
    </IfModule>
Xyon answered Sep 25 '22 15:09


On some servers and web hosts, it's possible to disable ModSecurity via .htaccess, but be aware that you can only switch it on or off; you can't disable individual rules.

But a good practice that still keeps your site secure is to disable it only on specific URLs, rather than your entire site. You can specify which URLs to match via the regex in the <If> statement below...

    ### DISABLE mod_security firewall
    ### Some rules are currently too strict and are blocking legitimate users
    ### We only disable it for URLs that contain the regex below
    ### The regex below should be placed between "m#" and "#"
    ### (this syntax is required when the string contains forward slashes)
    <IfModule mod_security.c>
      <If "%{REQUEST_URI} =~ m#/admin/#">
        SecFilterEngine Off
        SecFilterScanPOST Off
      </If>
    </IfModule>
Simon East answered Sep 25 '22 15:09
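
A way to check which of the two approaches above a given .htaccess file actually uses, as an added example that is not part of either answer: a small Python audit that finds engine-off directives and reports whether each one applies site-wide or only inside a condition such as the `<If>` block. The function name `audit_htaccess` and the inclusion of `SecRuleEngine` (the ModSecurity 2.x directive name) are assumptions of this example.

```python
import re

# SecFilterEngine is the directive used in the answers above; SecRuleEngine is
# the ModSecurity 2.x name, included here as an assumption of this example.
OFF_RE = re.compile(r"^\s*(SecFilterEngine|SecRuleEngine)\s+Off\b", re.I)
OPEN_RE = re.compile(r"^\s*<(\w+)\s*(.*?)>\s*$")
CLOSE_RE = re.compile(r"^\s*</(\w+)>\s*$")
# <IfModule> only tests whether a module is loaded; it does not narrow scope.
NEUTRAL = {"ifmodule"}

def audit_htaccess(text):
    """Return (line_no, directive, scope) for each engine-off directive."""
    findings, stack = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # comment, ignored by Apache
            continue
        if CLOSE_RE.match(line):
            if stack:
                stack.pop()
            continue
        opened = OPEN_RE.match(line)
        if opened:
            stack.append((opened.group(1), opened.group(2)))
            continue
        off = OFF_RE.match(line)
        if off:
            scoped = [f"{n} {a}" for n, a in stack if n.lower() not in NEUTRAL]
            findings.append((no, off.group(1), " > ".join(scoped) or "site-wide"))
    return findings

# The two snippets from the answers above, embedded as test input.
SITE_WIDE = """<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>
"""
SCOPED = """<IfModule mod_security.c>
  <If "%{REQUEST_URI} =~ m#/admin/#">
    SecFilterEngine Off
    SecFilterScanPOST Off
  </If>
</IfModule>
"""

if __name__ == "__main__":
    for name, text in (("site-wide answer", SITE_WIDE), ("scoped answer", SCOPED)):
        for no, directive, scope in audit_htaccess(text):
            print(f"{name}: line {no}: {directive} Off -> {scope}")
```

The reported scope is worth reading closely: the `<If>` pattern from the second answer is unanchored, so the exemption covers any request URI that contains `/admin/`.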