MyBB Community Forums

MyBB Community Forums > 1.8 Support > Security Management and Support > what is the point of disabling mod_security ?
Full Version: what is the point of disabling mod_security ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

linguist

2018-09-18, 07:09 AM
In the installation package for MyBB, there is a "htaccess.txt" file which contains the following code: 
# If mod_security is enabled, attempt to disable it.
# - Note, this will work on the majority of hosts but on
#   MediaTemple, it is known to cause random Internal Server
#   errors. For MediaTemple, please remove the block below
#
<IfModule mod_security.c>
	# Turn off mod_security filtering.
	SecFilterEngine Off

	# The below probably isn't needed, but better safe than sorry.
	SecFilterScanPOST Off
</IfModule>

What exactly is the idea behind that? Why is it useful or necessary to disable mod_security in the forum?

.m.

2018-09-18, 07:29 AM
basically it is related to older versions of MyBB (see related documentation)

however
we still experience some strict security rules affecting MyBB forum functionality.
This community has many related topics ... (search engine results)

linguist

2018-09-18, 09:02 AM
Dang. I only looked for "mod_security" without results. OK, i'm looking stupid again. Hope you all enjoyed the show. ;-)


Edit/P.S.: Thanks for the reply.
(2018-09-18, 07:29 AM).m. Wrote: [ -> ]basically it is related to older versions of MyBB (see related documentation)

Maybe it'd be a nice idea to add this information in a comment line in the htaccess.txt file?

Serpius

2018-09-19, 01:37 PM
(2018-09-18, 07:29 AM).m. Wrote: [ -> ]basically it is related to older versions of MyBB (see related documentation)

however
we still experience some strict security rules affecting MyBB forum functionality.
This community has many related topics ... (search engine results)

"older versions of MyBB" = Meaning the 1.6.xx series and older. Right?

This can be safely removed if one is running 1.8.xx series or newer. Right?

# If mod_security is enabled, attempt to disable it.
# - Note, this will work on the majority of hosts but on
#   MediaTemple, it is known to cause random Internal Server
#   errors. For MediaTemple, please remove the block below
#
<IfModule mod_security.c>
    # Turn off mod_security filtering.
    SecFilterEngine Off

    # The below probably isn't needed, but better safe than sorry.
    SecFilterScanPOST Off
</IfModule>

StefanT

2018-09-19, 08:02 PM
No? As .m. already said it may still break some functionality. MyBB and mod_security haven't been changed much since the code has been added.
MyBB Community Forums > 1.8 Support > Security Management and Support > what is the point of disabling mod_security ?