
Do you have any idea?

Guys, could you please explain why Magento adds the following rules in .htaccess by default:

<IfModule mod_security.c>
##########################################
#disable POST processing to not break multiple image upload

SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

It is pretty naive to disable the WAF and to believe that the application is secure.

If mod_security conflicts with something, a specific URI or something like that should be excluded from the WAF.

Do you have any idea?

Re: Do you have any idea?

Hello @dona_house,

ModSecurity is an open-source web-based firewall application (or WAF). A WAF is an application firewall used for HTTP applications. ModSecurity is supported by different web servers like Apache, Nginx and IIS. With over 70% of all attacks now carried out at the web application level, organizations need all the help they can get in making their systems secure. For more information, refer to https://www.interserver.net/tips/kb/what-is-modsecurity-and-how-to-use-it/

I would not recommend disabling Mod-Security on your account. The mod_security module helps to protect your website from various attacks. If mod-security is disabled on your account, your website will be at risk from vulnerabilities. Once mod_security is turned off for an account, we will not take any responsibility for hacking of the domain, database hacking, data manipulation and other activities which mod_security can prevent.

--
If my answer is useful, please Accept as Solution & give Kudos
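
The scoped exclusion suggested in the question could look like the following on ModSecurity 2.x, shown beside the shipped block for comparison. This is an added example, not part of the original thread or of Magento's own configuration; the upload path, the local rule id 10001 and the removed rule id 999999 are placeholders to be replaced with values from your own site and audit log.

```apache
# --- Shipped block from the question (ModSecurity 1.x directives) ---
# Switches the filter engine and POST scanning off for every request
# served from this directory. On ModSecurity 2.x the module source file
# is mod_security2.c, so this <IfModule> test is false and the block
# has no effect at all.
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

# --- Scoped alternative (ModSecurity 2.x, server or vhost config) ---
<IfModule mod_security2.c>
    # The engine and request-body inspection stay on for the whole site.
    SecRuleEngine On
    SecRequestBodyAccess On

    # Option A: skip request-body inspection only for the upload endpoint.
    # "/PLACEHOLDER/upload/path" is an assumed path, not Magento's real one.
    # Rule id 10001 is a placeholder from the locally assigned id range.
    SecRule REQUEST_URI "@beginsWith /PLACEHOLDER/upload/path" \
        "id:10001,phase:1,pass,nolog,ctl:requestBodyAccess=Off"

    # Option B: keep body inspection and remove only the rule that
    # produces the false positive on that endpoint.
    # 999999 is a placeholder; take the real id from the audit log entry.
    <LocationMatch "^/PLACEHOLDER/upload/path">
        SecRuleRemoveById 999999
    </LocationMatch>
</IfModule>
```

Options A and B are alternatives; use one of them, with Option B leaving the most coverage in place.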