I found information about an optional Apache module called mod_security. This is a very nice module that acts as an Apache firewall – it blocks a lot of the usual routes that people use to hack websites. In particular it scans POST requests (sent when you ‘save’ something on a website’), and displays a 406 error for anything controversial.

The solution was very simple. The following lines were added to the .htaccess file to disable mod_security:

SecFilterEngine Off
SecFilterScanPOST Off

In case if this didn't work, then create a conf file and disable mod_security for the domain. Follow the steps below

You have to create a individual rule for that domain. You can see the conf via Apache.


 Include "/usr/local/apache/conf/userdata/*.conf" Include "/usr/local/apache/conf/userdata/*.owner-root" Include "/usr/local/apache/conf/userdata/std/*.conf" Include "/usr/local/apache/conf/userdata/std/*.owner-root" Include "/usr/local/apache/conf/userdata/std/2/*.conf" Include "/usr/local/apache/conf/userdata/std/2/*.owner-root"


Now create a customized file to disable mod_security for that domain alone.

# cd /usr/local/apache/conf/userdata/std/2/ # mkdir USERNAME (e.g domain name is google.com and the username is goog then create a directory as goog)

# cd goog/ # mkdir google.com # cd google.com # touch mod_security2.conf # vi mod_security2.conf Now, add these lines in that file

SecRuleEngine Off

save and exit

Then restart apache
/etc/init.d/httpd restart

Leave a Reply