This option will reset the home page of this site. Restoring any closed widgets or categories.

Reset
Home  »  mod_security the Apache Module, The Apache Firewall blocking your website?

mod_security the Apache Module, The Apache Firewall blocking your website?

Tagged with:     

The reason behind this findings is simple.One of my website which should be up and running everyday without fail was pulling my legs for the past 7 days because it always goes down at one time or another after posting or deleting some topics or something related to that was done.I raised a ticket on my web hosting provider and they told some firewall is blocking my IP.Then i realized that their is some culprit in between my webserver and the enduser.It is the apache module mod_security which is very powerful and we can install it with the webservers of apache easily.So the next step was that i want to disable this guy for my users otherwise they will experience NetWork Time Out or 500ISE[Internal Server Error] or even 406 HTTP error.

This is a very nice module that acts as an Apache firewall – it blocks a lot of the usual routes that people use to hack websites. In particular it scans POST requests (sent when you ‘save’ something on a website’), and displays a 406 error for anything controversial.

The solution was very simple. The following lines were added to the .htaccess file to disable mod_security:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Naturally you loose any benefits that mod_security might bring, but that’s better than a non-functioning website, and you can always ask for the security configuration to be toned down to a more acceptable level.

Disable mod_security in .htaccess file

  1. If you do not have one yet, an .htaccess file in the folder of your web application
  2. To disable mod_security COMPLETELY, add the following line to the .htaccess file:
  3. <IfModule mod_security.c>
  4. SecFilterEngine Off

    OR, to disable HTTP POST scanning only, use the following instead:
    SecFilterScanPOST Off

  5. </IfModule>
  6. Save the file and test your web application to check whether disabling mod_security has solved your problem.

After a day long googling i found out the culprit that was not allowing me to access my website.I think i have fixed my issue and i think u also have found out the real culprit behind your access issue.

VN:F [1.5.7_846]
Rating: 10.0/10 (1 vote cast)
VN:F [1.5.7_846]
Rating: 0 (from 0 votes)

Related posts:

  1. Disable the TRACE and TRACK For More Security
  2. Adding Handlers Directly In httpd.conf Of Apache
  3. Adding apache handlers in cpanel
  4. Speed up wordpress using .htaccess part 1
  5. Apache AddHandler application/x-httpd-php not working?
  6. Fix 500 Internal Server Error In WordPress
  7. Custom Error Pages Using .htaccess

Tagged with:     

Leave a Reply

Comments (required)

Spam Protected