Do you have any idea?

Guys, could you please explain why Magento adds the following rules in .htaccess by default:

<IfModule mod_security.c>
##########################################
#disable POST processing to not break multiple image upload

SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

It is pretty fondly to disable the WAF and to believe that the Application is secure. 

If mod_security conflicts with something, a specific URI or something like that should be excluded from the WAF.

Do you have any idea?

Re: Do you have any idea?

Hello @dona_house,

ModSecurity is an open-source web-based firewall application (or WAF). A WAF is an application firewall used for HTTP applications. ModSecurity is supported by different web servers like Apache, Nginx and IIS. With over 70% of all attacks now carried out at the web application level, organizations need all the help they can get in making their systems secure. For more information, refer to https://www.interserver.net/tips/kb/what-is-modsecurity-and-how-to-use-it/

I do not recommend disabling Mod-Security on your account. The mod_security module helps to protect your website from various attacks. If mod-security is disabled on your account, your website will be at risk from vulnerabilities. Once mod_security is turned off for an account, we will not take any responsibility for hacking of the domain, database hacking, data manipulation and other activities which mod_security can prevent.

--
If my answer is useful, please Accept as Solution & give Kudos
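
The scoped exclusion the question asks for, as an added example that is not part of either post and not Magento's own configuration. It assumes ModSecurity 2.x loaded as mod_security2.c; the path /UPLOAD-PATH-PLACEHOLDER and the rule id 1000001 are placeholders, since the thread does not name the upload URI.

```apache
# Shipped form quoted in the question (ModSecurity 1.x directives).
# It switches the filter engine off for every request the .htaccess covers:
#
#   <IfModule mod_security.c>
#   SecFilterEngine Off
#   SecFilterScanPOST Off
#   </IfModule>

# Scoped alternative for ModSecurity 2.x. Place it in the virtual host or
# server configuration: a default 2.x build does not accept its directives
# from .htaccess.
<IfModule mod_security2.c>
    # Keep the engine and request-body inspection on for the whole site.
    SecRuleEngine On
    SecRequestBodyAccess On

    # Assumption: /UPLOAD-PATH-PLACEHOLDER stands for the single upload
    # endpoint that breaks; 1000001 is an arbitrary locally assigned rule id.
    # Phase 1 runs before the body is read, so the ctl action takes effect
    # for this request only. Headers and the URI are still inspected.
    SecRule REQUEST_URI "@beginsWith /UPLOAD-PATH-PLACEHOLDER" \
        "id:1000001,phase:1,pass,nolog,ctl:requestBodyAccess=Off"
</IfModule>
```

If the breakage comes from one identifiable rule rather than from body parsing as a whole, `ctl:ruleRemoveById=<id>` in the same rule is a narrower exception than turning body access off.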