mod_security Blocking Form Contents

[Michael Mihalyfi]

mod_security Blocking Form Contents (IE: Textboxes containing URL Links)

If a TextBox has a URL (starting with HTTP) as its contents, submitting the form triggers a FORBIDDEN error, I have tracked this down to a setting in "mod_security" which is possibly designed to prevent SQL Injection Attacks.

I need to disable this option in "mod_security", How can I do this on cPanel?

PS: I get my cPanel account through Zen Internet if this makes a difference.

 

[rpvw]

As a website owner, you can disable all of mod security for a domain in cPanel (assuming your provider has made it available to you) in the Security > Mod Security settings.

You would need to talk to your server administration to make changes to individual rules that might be interfering with your forms.

 

[cPanelMichael]

Hello,

You will need to contact your hosting provider if you want a specific Mod_Security rule whitelisted for your account. You could also enable or disable Mod_Security for one or all domain names associated with your account if your hosting provider has enabled ModSecurity Domain Manager for your account:

ModSecurity Domain Manager - Documentation - cPanel Documentation

Thank you.

 

[quizknows]

For the love of God please don't disable modsecurity for your domain entirely. It provides essential protections for you.

Generally these issues can be resolved by whitelisting a rule or two. If you do not have root, your hosting provider should be experienced in resolving these issues.

If their answer is disabling modsecurity for your domain, find a new host.