How can I disable mod_security in .htaccess file?
It is possible to do this, but most likely your host implemented mod_security
for a reason. Be sure they approve of you disabling it for your own site.
That said, this should do it;
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
How to disable mod_security and mod_security2 in .htaccess
Displaying a message telling to contact server administrator will be the last thing to do. First of all I'll try one of this solutions for automatic config creation:
Create 2-3 sandboxed .htaccess configs in subfolders
- During plugin activation test configs one by one with simulated remote AJAX test
- Start from the best general settings config subfolder
- Check for AJAX proxy script calls and image, style etc. files access in this folder
- After finding successful(unblocking and not crashing) config, save selected .htaccess file to the folder containing AJAX proxy PHP file
- If none of the configs (or built-in wordpress AJAX script - not very reliable) is functional display an error telling to contact server admin to allow htaccess for given folder
OR
- Check loaded modules with PHP
- add SecRuleRemoveById id only if mod_security2 is present to prevent
basic mod_security crashing
Turn off mod_security for a page in shared hosting environment
Take a look at some mod_security and .htaccess tricks. There's a lot of different ways you can enable or disable mod_sceurity. The easiest may be to set the MODSEC_ENABLE
environment variable to On
or Off
. You can use SetEnvIf to match against a number of things including the Request_URI
:
SetEnvIf Request_URI your_page\.php$ MODSEC_ENABLE=Off
Or a number of pages:
SetEnvIf Request_URI ^/directory/file.*\.php$ MODSEC_ENABLE=Off
Or if you need to do something more complicated, like matching against a query string, using mod_rewrite:
RewriteEngine On
RewriteCond %{QUERY_STRING} example_param=example_value [NC]
RewriteRule ^path/your_file\.php$ - [E=MODSEC_ENABLE:Off]
Removing modsecurity rule via .htaccess
Is it really the saving of the file that is the problem? I find it hard to imagine, seeing as that isn't Apache's jurisdiction at atll. Isn't it rather the query being in a query string that is causing trouble?
You might be able to circumvent that e.g. by base64 encoding the query (if the 33% size increase doesn't test the URL's size limits), or storing the query in a session variable and passing only a unique random key pointing to the variable.
Edit: if you're really transmitting live SQL queries that you later execute - don't do it. It's exactly the reason why this mod_security filter exists.
either way, phpMyAdmin, a database management tool, has the same problem: It transmits live queries for running. There is a number of posts dealing with phpMyAdmin and mod_security. This one suggests a number of other filter IDs to disable. (Ideally, you would do this only for the one file that needs to receive the POST data.)
Related Topics
Zend_Form - Array Based Elements
Laravel Many to Many Self Referencing Table Only Works One Way
Fatal Error: Call to Undefined Function Pg_Connect()
How to Create Thumbnails or Preview for Videos
How to Keep Form Values After Post
If You Create a Variable Inside a If Statement Is It Available Outside the If Statement
Best Way to Determine If a File Is Empty (Php)
How to Display an Rtf File Inside a Web Page Using PHP
How to Find Error Log Files for PHP
In PHP, How to Call a Function Interpolated in String
Does the Condition After && Always Get Evaluated
Next Business Day of Given Date in PHP
Fatal Error: Allowed Memory Size of 268435456 Bytes Exhausted (Tried to Allocate 71 Bytes)
Pretty Urls Without Mod_Rewrite, Without .Htaccess
Concat Columns with Laravel 5 Eloquent