mod_security the Apache Module, The Apache Firewall blocking your website?

This Tutorial Has Been Viewed 4,111 Times.

Posted by admin on July 5, 2009, filed in: Apache

The reason behind this findings is simple.One of my website which should be up and running everyday without fail was pulling my legs for the past 7 days because it always goes down at one time or another after posting or deleting some topics or something related to that was done.I raised a ticket on my web hosting provider and they told some firewall is blocking my IP.Then i realized that their is some culprit in between my webserver and the enduser.It is the apache module mod_security which is very powerful and we can install it with the webservers of apache easily.So the next step was that i want to disable this guy for my users otherwise they will experience NetWork Time Out or 500ISE[Internal Server Error] or even 406 HTTP error.

This is a very nice module that acts as an Apache firewall – it blocks a lot of the usual routes that people use to hack websites. In particular it scans POST requests (sent when you ‘save’ something on a website’), and displays a 406 error for anything controversial.

The solution was very simple. The following lines were added to the .htaccess file to disable mod_security:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Naturally you loose any benefits that mod_security might bring, but that’s better than a non-functioning website, and you can always ask for the security configuration to be toned down to a more acceptable level.

Disable mod_security in .htaccess file

If you do not have one yet, an .htaccess file in the folder of your web application
To disable mod_security COMPLETELY, add the following line to the .htaccess file:
```
<IfModule mod_security.c>
```
```
SecFilterEngine Off
```
OR, to disable HTTP POST scanning only, use the following instead:
SecFilterScanPOST Off
```
</IfModule>
```
Save the file and test your web application to check whether disabling mod_security has solved your problem.

After a day long googling i found out the culprit that was not allowing me to access my website.I think i have fixed my issue and i think u also have found out the real culprit behind your access issue.

Rating: 10.0/10 (2 votes cast)

Rating: 0 (from 0 votes)

Incoming search terms:

mod_security benefits (4)
mod_security tutorial (4)
xampp modsecurity (4)
mod_security xampp (3)
benefits of mod_security (3)
status h in apache (3)
apache firewall module (3)
apache module firewall (2)
no contenttypes found on line 427 in (2)
apache firewall (2)
mod_security symfony (2)
xampp mod_security (2)
mod_security beifits (2)
mod_security for xampp (2)
mod_security lampp (1)
fpdf mod_security (1)
mod_security en xamp (1)
your firewall blocks appache (1)
mod_security2 windows xp xampp (1)
please wait without javascript mod_security (1)
some firewalls are blocking my website (1)
testing website mod_security (1)
web hosts mod_security is blocking ip addresses (1)
web page refresh one time code (1)
xampp mod-security (1)
problem posting % in textarea solved by commenting mod_security (1)
mod_security blocking scripts (1)
mod_sec xampp (1)
apache mod firewall (1)
apache module tutorials (1)
apache mod_firewall (1)
apache mod_security xampp (1)
apache tutorial blocks (1)
apache disable HTTP POST (1)
benfits of mod_security#hl=en (1)
disable mod_security xampp (1)
disable mod_security2 htaccess for certain ip (1)
Disable TRACK|TRACE mod_security (1)
enable mod_security xampp (1)
firefox jquery post mod_security 406 (1)

You will also be interested in ,

Tags: Apache, Domain

« Previous

Fix 500 Internal Server Error In WordPress

How To Avoid 404 Error Pages Easily and Reliably

M	T	W	T	F	S	S
« Jan
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29