Do you have any idea?
Guys, could you please explain why Magento adds the following rules to .htaccess by default:
<IfModule mod_security.c>
##########################################
#disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
It is pretty naive to disable the WAF and to believe that the application is secure.
If mod_security conflicts with something, a specific URI or something like that should be excluded from the WAF.
Do you have any idea?
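The scoped exclusion the question describes, next to the blanket form, as an added example that is not part of the thread or of Magento's own files. It assumes ModSecurity 2.x configured at server or virtual-host level; the upload path and the rule id are placeholders.

```apache
# SecFilterEngine and SecFilterScanPOST in the quoted block are ModSecurity 1.x
# directives, and <IfModule mod_security.c> only matches the 1.x module.
# Their ModSecurity 2.x equivalents, shown here commented out, switch the
# engine and request-body inspection off for every request:
#
#   SecRuleEngine Off
#   SecRequestBodyAccess Off

# Scoped form: the engine stays on everywhere and request-body inspection
# is skipped only for the one endpoint that breaks.
<IfModule security2_module>
    SecRuleEngine On
    SecRequestBodyAccess On

    # /PLACEHOLDER/image/upload/ is a placeholder, not a real Magento path:
    # take the actual URI from the audit log entry for the blocked upload.
    # id:1000001 is a constructed rule id; use one that is free in your local range.
    SecRule REQUEST_URI "@beginsWith /PLACEHOLDER/image/upload/" \
        "id:1000001,phase:1,t:none,pass,nolog,ctl:requestBodyAccess=Off"
</IfModule>
```

When the audit log shows a single rule causing the false positive, `ctl:ruleRemoveById` with that rule's id is narrower still, because body inspection by every other rule stays active on that endpoint.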
Re: Do you have any idea?
Hello @dona_house ,
ModSecurity is an open-source web-based firewall application (or WAF). A WAF is an application firewall used for HTTP applications. ModSecurity is supported by different web servers like Apache, Nginx and IIS. With over 70% of all attacks now carried out at the web application level, organizations need all the help they can get in making their systems secure. For more information, refer to https://www.interserver.net/tips/kb/what-is-modsecurity-and-how-to-use-it/
I would not recommend disabling Mod-Security on your account. The mod_security module helps to protect your website from various attacks. If mod-security is disabled on your account, your website will be at risk from vulnerabilities. Once mod_security is turned off for an account, we will not take any responsibility for hacking of the domain, database hacking, data manipulation and other activities which mod_security can prevent.
--
If my answer is useful, please Accept as Solution & give Kudos