How to disable server's mod_security?
Introduction
mod_security is an Apache module that helps protect websites from various attacks. It blocks commonly known exploits using regular expressions and rule sets, and is enabled by default on some hosting providers' servers.
In LaraClassifier and JobClass, PHP functions like exec() and escapeshellarg() must be enabled to function properly. Depending on your hosting provider, you may need to disable mod_security to avoid 403 errors or reCAPTCHA protections for static files.
From cPanel
To disable mod_security from cPanel:
- Login to cPanel
- Under the Security section, click on ModSecurity
- On the next page, you'll see a list of domains with their on/off status
- ModSecurity is ON by default for all sites
- Click the OFF button to disable ModSecurity
From .htaccess
If you cannot disable mod_security from cPanel, you can do so in the main .htaccess file using this code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>Note that mod_security may be compiled to prevent disabling via .htaccess files, and hosts may also limit .htaccess authorizations through AllowOverride settings.
On some servers, you can disable ModSecurity via .htaccess, but you can only switch it on or off — you cannot disable individual rules.
A better practice that maintains site security is to disable it only for specific URLs rather than your entire site. You can specify URLs to match using a regex in an <If> statement:
### DISABLE mod_security firewall
### Some rules are currently too strict and are blocking legitimate users
### We only disable it for URLs that contain the regex below
### The regex below should be placed between "m#" and "#"
### (this syntax is required when the string contains forward slashes)
<IfModule mod_security.c>
<If "%{REQUEST_URI} =~ m#/assets/#">
SecFilterEngine Off
SecFilterScanPOST Off
</If>
</IfModule>