cancel
Showing results for 
Search instead for 
Did you mean: 

why mod_sec is disabled by default?

why mod_sec is disabled by default?

Guys, could you please explain, why Magento adds the following rules in .htaccess by default:

<IfModule mod_security.c>
##########################################
#disable POST processing to not break multiple image upload

SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

It is pretty fondly to disable the WAF and to believe that the Application is secure.

If mod_security conflicts with something, a specific URI or smth like that should be excluded from the WAF.

Do you have any idea?