• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Disabling mod_security on XenForo

#1
Will adding these lines in htaccess completely disable mod_security on my XenForo community?

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
 

Slavik

XenForo moderator
Staff member
#2
Will adding these lines in htaccess completely disable mod_security on my XenForo community?

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Depends what version of mod security it is.

However if its the right version yes, just place those entries before the XenForo rules.
 
#3
Depends what version of mod security it is.

However if its the right version yes, just place those entries before the XenForo rules.
I have Apache 2.x so it should be using mod_security 2.x.

Actually I have added those lines in htaccess (actually just removed the # from original) but I can't seem to upload files using Flash uploader.
Any ideas?
 

Digital Doctor

Well-known member
#8
The ModSecuirty rule 300016 was buffering the attachments in the log!
Weird but white-listing the rule solved the problem..
Can you describe how you whitelisted it ?
I've never heard of anyone getting rid of a mod_security problem via whitelisting. (I knew it was possible, but never seen any reports).
most people with mod_security on don't have this problem.
I wonder why you did.

https://www.modsecurity.org/tracker/browse/CORERULES-16
rule 300016 incorrectly matches "selection" word

What was your specific situation that was triggering 300016 ?