1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling mod_security on XenForo

Discussion in 'XenForo Questions and Support' started by planetmaster, Dec 3, 2012.

  1. planetmaster

    planetmaster Member

    Will adding these lines in htaccess completely disable mod_security on my XenForo community?

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
  2. Slavik

    Slavik XenForo Moderator Staff Member

    Depends what version of mod security it is.

    However if its the right version yes, just place those entries before the XenForo rules.
  3. planetmaster

    planetmaster Member

    I have Apache 2.x so it should be using mod_security 2.x.

    Actually I have added those lines in htaccess (actually just removed the # from original) but I can't seem to upload files using Flash uploader.
    Any ideas?
  4. Digital Doctor

    Digital Doctor Well-Known Member

    What browser (have you tried IE, FF, Chrome ?)
    What are you uploading ?
    Jake Bunce likes this.
  5. planetmaster

    planetmaster Member

    It was another mod_security interference!
    I have white-listed the triggered rule.
    Jake Bunce likes this.
  6. Digital Doctor

    Digital Doctor Well-Known Member

    Fill us in on the details.
    Jake Bunce likes this.
  7. planetmaster

    planetmaster Member

    The ModSecuirty rule 300016 was buffering the attachments in the log!
    Weird but white-listing the rule solved the problem..
    Jake Bunce likes this.
  8. Digital Doctor

    Digital Doctor Well-Known Member

    Can you describe how you whitelisted it ?
    I've never heard of anyone getting rid of a mod_security problem via whitelisting. (I knew it was possible, but never seen any reports).
    most people with mod_security on don't have this problem.
    I wonder why you did.

    rule 300016 incorrectly matches "selection" word

    What was your specific situation that was triggering 300016 ?
    Jake Bunce likes this.

Share This Page