{"id":3556,"date":"2014-03-28T10:36:25","date_gmt":"2014-03-28T10:36:25","guid":{"rendered":"https:\/\/unknownerror.org\/index.php\/2014\/03\/28\/how-to-disable-mod_security-and-mod_security2-in-htaccess-collection-of-common-programming-errors\/"},"modified":"2014-03-28T10:36:25","modified_gmt":"2014-03-28T10:36:25","slug":"how-to-disable-mod_security-and-mod_security2-in-htaccess-collection-of-common-programming-errors","status":"publish","type":"post","link":"https:\/\/unknownerror.org\/index.php\/2014\/03\/28\/how-to-disable-mod_security-and-mod_security2-in-htaccess-collection-of-common-programming-errors\/","title":{"rendered":"How to disable mod_security and mod_security2 in .htaccess-Collection of common programming errors"},"content":{"rendered":"

I’ve created a WordPress plugin which became popular but I’m getting lots of complaints that it’s not working. After logging in to many user’s WP websites(after asking for admin password) I noticed that the last problem I can’t easily solve is mod_security and mod_security2 blocking some AJAX requests or .htaccess which is causing 500 error on some configurations.<\/p>\n

So first of all why is this piece of code causing some servers to return 500 error<\/p>\n

\n  SecRuleRemoveById 300015\n  SecRuleRemoveById 300016\n  SecRuleRemoveById 300017\n  SecRuleRemoveById 950907\n  SecRuleRemoveById 950005\n  SecRuleRemoveById 950006\n  SecRuleRemoveById 960008\n  SecRuleRemoveById 960011\n  SecRuleRemoveById 960904\n  SecRuleRemoveById phpids-17\n  SecRuleRemoveById phpids-20\n  SecRuleRemoveById phpids-21\n  SecRuleRemoveById phpids-30\n  SecRuleRemoveById phpids-61\n<\/code><\/pre>\n
on other servers removing rules by id this way is causing 500 error:<\/p>\n
\n  SecRuleRemoveById 300015\n  ...\n  SecRuleRemoveById phpids-61\n\n<\/code><\/pre>\n
so for now the only working thing which is not causing any server to crash is<\/p>\n
\n  SecFilterEngine Off\n  SecFilterScanPOST Off\n\n<\/code><\/pre>\n
but it’s not enough for servers with mod_security2 !<\/p>\n
How to write a cross-server .htaccess file, and what IF conditions should I add to disable mod_security and mod_security2 anywhere where it applies and not cause 500 errors on other configurations?<\/p>\n
Edit: Not only in Apache. Anywhere where .htaccess is used.<\/p>\n","protected":false},"excerpt":{"rendered":"
I’ve created a WordPress plugin which became popular but I’m getting lots of complaints that it’s not working. After logging in to many user’s WP websites(after asking for admin password) I noticed that the last problem I can’t easily solve is mod_security and mod_security2 blocking some AJAX requests or .htaccess which is causing 500 error […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3556","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/3556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=3556"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/3556\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=3556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=3556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=3556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}