Magento 2 cannot save category description - modsecurity SQL injection rule

Question

I am working on a Magento 2 project and have been having trouble saving category descriptions.

In the Catalog Save controller action (Magento\Catalog\Controller\Adminhtml\Category\Save), I was logging the request parameters:

$this->getRequest()->getParams()

On most categories all of the request parameters would come through, but certain ones would completely ignore the POST parameters.

After playing around with the description value being posted, I noticed that the request would not come through when my text had an instance of the text select followed later by an instance of from.

My text was something like the following:

"We carry a selection of knives from satin to mirror finish"

I checked the modsecurity logs. It had filtering the requests, mistaking them as SQL injections.

Answer 1

To fix the issue, we add configuration to remove the ModSecurity rules for our specific domains with:

<LocationMatch .*>
    SecRuleRemoveById 950004
</LocationMatch>

More on removing ModSecurity rules:

http://www.inmotionhosting.com/support/website/modsecurity/find-and-disable-specific-modsecurity-rules