Disabling Mod_Security

donwon

donwon

Active member
Do any of you totally disable mod-security for your XF forums?

We've been having issues on our new server and I think this is somewhat to blame. On our old server we had is totally disabled but our host is strongly advising against it.

Thoughts?
 
I worry about everything but I have other security measures in place and I am very vigilant about updating my server and all applications that run on my server.
 
I believe XF uses the finder system, which makes it secure against sql injections. However addons might use direct queries, which could be exploited potentially, if they don't use the finder system instead of direct queries.

I also believe many people disable mod security. But if you are unsure of it, either change your hosting company or live with it if you don't want to disable it.

A simple search shows that many peope disable it.
 
I have enabled mod_security with COMODO ModSecurity Apache Rule Set. Also disabled some ModSecurity™ rules because false block.
 
You must log in or register to reply here.

Similar threads

S
xf Proxy Function triggers Mod_security
Replies
1
Views
964
HWS
H
dethfire
mod_security caused problems with XF
Replies
1
Views
584
ForestForTrees
ForestForTrees
P
  • Question Question
Disabling mod_security on XenForo
Replies
7
Views
4K
Digital Doctor
Digital Doctor
cbertozz
  • Question Question
XF 1.1 Image uploads and Mod_security
Replies
2
Views
721
cbertozz
cbertozz
TheBigK
Dealing With Mod_Security With LightSpeed Web Server
2
Replies
31
Views
6K
Biker
Biker
Back
Top Bottom