Title: Disable mod security Last modified: August 19, 2016 --- # Disable mod security * Resolved [djdavedawson](https://wordpress.org/support/users/djdavedawson/) * (@djdavedawson) * [17 years, 2 months ago](https://wordpress.org/support/topic/disable-mod-security/) * Hello, * I am having the select f r o m issue and I’ve tried disabling mod security using these htaccess commands: * SecFilterInheritance Off * and * SecFilterEngine off * SecFilterEngine off * but none of them seem to work. * Any ideas ? * Thanks Viewing 15 replies - 1 through 15 (of 15 total) * [Samuel B](https://wordpress.org/support/users/samboll/) * (@samboll) * [17 years, 2 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1031991) * just * `SecFilterScanPOST Off` * or * `SecFilterEngine Off` * nothing else * Thread Starter [djdavedawson](https://wordpress.org/support/users/djdavedawson/) * (@djdavedawson) * [17 years, 2 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1031992) * Does this go in the root .htaccess or in the wp-admin ? * Thread Starter [djdavedawson](https://wordpress.org/support/users/djdavedawson/) * (@djdavedawson) * [17 years, 2 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1031996) * I tried in both and I am still getting 500 errors. * Do I need to change anything in mod_security to allow these commands to work? * [Samuel B](https://wordpress.org/support/users/samboll/) * (@samboll) * [17 years, 2 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032013) * that should go in .htaccess in root and work shouldn’t need to change anything else * are you positive this is the problem? * Thread Starter [djdavedawson](https://wordpress.org/support/users/djdavedawson/) * (@djdavedawson) * [17 years, 2 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032041) * It turns out I have mod_security 2 and ms2 does not support .htaccess overrides. * More on that here: * [http://www.drak.net/news/2009/01/05/mod-security-override-no-longer-works/](http://www.drak.net/news/2009/01/05/mod-security-override-no-longer-works/) * So I had to edit my whitelist.conf here: * /usr/local/apache/conf/modsec2/whitelist.conf * and I added * SecRuleRemoveById 300015 3000016 3000017 * SecRuleRemoveById 300015 3000016 3000017 * SecRuleRemoveById 300015 300016 300017 * Now it works like I need it to. * Hope that helps for someone * [Samuel B](https://wordpress.org/support/users/samboll/) * (@samboll) * [17 years, 2 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032055) * thanks for that resolution – it’s good to know can you resolve the topic for future searches? * Thread Starter [djdavedawson](https://wordpress.org/support/users/djdavedawson/) * (@djdavedawson) * [17 years, 2 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032240) * Here’s an update … I posted too many zeros in the one above. * Here is what you need: * SecRuleRemoveById 300015 300016 300017 * SecRuleRemoveById 300015 300016 300017 * SecRuleRemoveById 300015 300016 300017 * [nissag](https://wordpress.org/support/users/nissag/) * (@nissag) * [16 years, 11 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032355) * Thanks SamBoll, * Your fix worked for me. * Nissa * [figaro](https://wordpress.org/support/users/figaro/) * (@figaro) * [16 years, 11 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032357) * [@djdavedawson](https://wordpress.org/support/users/djdavedawson/): Thanks a million…your solution cleared the problem I described below. * [http://wordpress.org/support/topic/285734?replies=7](http://wordpress.org/support/topic/285734?replies=7) * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [16 years, 9 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032362) * I’ve got 6 blogs on my server, all for different accounts and with the blogs in different places (/blog, /wp, etc etc). Is there anything special I need to do with the location match to make them all work? * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [16 years, 9 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032364) * DP: I bit the bullet and put that in. Seems to be working (or at least no one’s kvetched yet and everyone can still post). * [pcshost](https://wordpress.org/support/users/pcshost/) * (@pcshost) * [16 years, 7 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032381) * How did the fix actually work for others? The mod security ID’s should be different unless everyone’s running the same script. And there’s no path I’ve seen in my server for a whitelist.conf. How does the httpd.conf know it’s there? * [ciuly](https://wordpress.org/support/users/ciuly/) * (@ciuly) * [16 years, 7 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032382) * you need to “Include conf/path/to/whitelist.conf” in your modsecurity.conf file. the IDs represent the IDs of the rules. as a side note, I am a new user of modesecurity( MS) and from what I see in my modsec_audit.log none of those IDs appear there. though I did see some phpids-30 and -60 and such there. * on other note, this is not working on WP 2.8.5 and MS 2.5.10 with core ruleset 2.0.2 I am getting 403 forbidden when trying to post from admin panel. this really sucks if you ask me. * I got my whitelist.conf file to look like this: * ``` SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById 960010 960012 950006 ``` * I am inlcuding the whitelist.conf from the end of the MS conf. not sure if that’s right or if the IDs have changed. * [ciuly](https://wordpress.org/support/users/ciuly/) * (@ciuly) * [16 years, 7 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032383) * update: the following seems to have solved the posting problem but there are still things that don’t work right (plugins and themes to name a couple) * ``` SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById phpids-17 SecRuleRemoveById phpids-20 SecRuleRemoveById phpids-21 SecRuleRemoveById phpids-30 SecRuleRemoveById phpids-61 SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById phpids-17 SecRuleRemoveById phpids-20 SecRuleRemoveById phpids-21 SecRuleRemoveById phpids-30 SecRuleRemoveById phpids-61 SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById phpids-17 SecRuleRemoveById phpids-20 SecRuleRemoveById phpids-21 SecRuleRemoveById phpids-30 SecRuleRemoveById phpids-61 SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById phpids-17 SecRuleRemoveById phpids-20 SecRuleRemoveById phpids-21 SecRuleRemoveById phpids-30 SecRuleRemoveById phpids-61 SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 SecRuleRemoveById phpids-17 SecRuleRemoveById phpids-20 SecRuleRemoveById phpids-21 SecRuleRemoveById phpids-30 SecRuleRemoveById phpids-61 SecRuleRemoveById 960010 960012 950006 SecRuleRemoveById phpids-17 SecRuleRemoveById phpids-20 SecRuleRemoveById phpids-21 SecRuleRemoveById phpids-30 SecRuleRemoveById phpids-61 ``` * I am now removing mod_security since I a running about 13 sites on my server and all of them run different scripts so this will literally take me months to get things strait for every site and script, time that I don’t have. * [knightbaron](https://wordpress.org/support/users/knightbaron/) * (@knightbaron) * [16 years, 6 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032390) * This piece of code work like a charm for me * ``` SetEnv MODSEC_ENABLE Off PassEnv MODSEC_ENABLE ``` Viewing 15 replies - 1 through 15 (of 15 total) The topic ‘Disable mod security’ is closed to new replies. ## Tags * [mod_security](https://wordpress.org/support/topic-tag/mod_security/) * In: [Installing WordPress](https://wordpress.org/support/forum/installation/) * 15 replies * 8 participants * Last reply from: [knightbaron](https://wordpress.org/support/users/knightbaron/) * Last activity: [16 years, 6 months ago](https://wordpress.org/support/topic/disable-mod-security/#post-1032390) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics