Secfilterengine off joomla hosting
First, this is not a programming issue (althought I thought it was and that's how I bumped into this page). Second, this is an old thread. Anyway, I hope everyone gains something out of this. I had a Mod_Security error as well but my host (bluehost) white-listed the page for me. I didn't have to turn off the mod myself. - itsols Nov 30 '16 at 3:19
Why is your answer better than the other answer? All I can see is the value in SecRuleEngine Off as well as SecFilterInheritance Off but you provide no explanation of how SecRuleRemoveById works? I understand the concept: Individual rules like the numbers you list can selectively be turned off via that directive. But why are you specifically using 300015. 3000016 and 3000017 in your post? - JakeGould Oct 20 '14 at 1:21
Yes, what do those numbers represent? - Simon East Feb 9 '15 at 22:23
Still curious about what these numbers mean. - nullwriter Jun 23 '15 at 1:53
Just to update this question for mod_security 2.7.0+ - they turned off the ability to mitigate modsec via htaccess unless you compile it with the --enable-htaccess-config flag. Most hosts do not use this compiler option since it allows too lax security. Instead, vhosts in httpd.conf are your go-to option for controlling modsec.
Even if you do compile modsec with htaccess mitigation, there are less directives available. SecRuleEngine can no longer be used there for example. Here is a list that is available to use by default in htaccess if allowed (keep in mind a host may further limit this list with AllowOverride ):
As an additional note for 2.x users: the IfModule should now look for mod_security2.c instead of the older mod_security.c