0

I know this is already discussed here but unfortunately I did not find the solution. I am using Hostgator shared hosting account and I installed the script which fetch the video from youtube.com. All is well however when I use the option to fetch the video I see this error ERROR 403 - FORBIDDEN. I also try .htaccess method but it also not work. is there any solution to disable the mod_security for my domain. My domain name is moviendrama.com

Ali
  • 11
  • 1
  • 1
  • 2

2 Answers2

3

Update: as correctly noted by BazzaDP my original suggestion is dated and may not work now. According to the mod_security wiki it may still be possible to disable some rules, including SecRuleRemoveById, via .htaccess, but this would need to be enabled when mod security is compiled.

I don't have a Hostgator account, but this general solution should work.

If it doesn't already exist, create a .htaccess file in the root of your web directory.

Then add the following:

<IfModule mod_security.c>
   SecFilterEngine Off
   SecFilterScanPOST Off
</IfModule>

source

This should disable mod_security.

Good luck

Community
  • 1
  • 1
David Taiaroa
  • 25,157
  • 7
  • 62
  • 50
  • 1
    Not this is the old ModSecurity 1 syntax which is no longer used with Apache 2 as far as I know. – Barry Pollard Jul 22 '16 at 19:57
  • hey @BazzaDP, thanks for picking me up on my dated suggestion. I was trying to think of an easier solution than modifying the server config files but I missed the target ;) – David Taiaroa Jul 22 '16 at 21:13
  • This doesn't do anything for me, I still get "406 Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security." when a user types in "hi <3" (with quotes) and submits a form, simply because it contains a quote and a left arrow wtf. My php doesn't run at all for certain common user inputs and there's nothing I can do it's just broken for people. – Curtis May 25 '19 at 00:51
  • @Curtis, have you asked your hosting support if they can offer a solution? – David Taiaroa May 26 '19 at 11:09
  • Yes I contacted HostGator and they said they'd get on solving it and email me but they never did. Right now I've implemented a hack that checks for a quote and a left arrow on the front end, but that's probably not the only case. I'd have to run all of mod security on the front end just to see what it's going to catch, then warn the user that their valid input not going to work. – Curtis May 30 '19 at 22:24
  • @Curtis, if you don't have any success working with your hosting support, maybe you could look into other options like a different hosting package with Hostgator (one that gives you some control over mod_security), or another hosting provider, or using a 3rd party solution to process your forms? Good luck! – David Taiaroa May 31 '19 at 10:48
1

For ModSecurity2 (which has been out since 2006) you need to use this in your Apache config file:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

Not that this is NOT support in .htaccess file and has to be in main config file which you may not have access to on a shared hosting environment not familiar with Hostgator but imagine that falls into this category).

The alternative is to put a rule (or more specifically an action so it always runs) into your .htaccess file instead:

SecAction "nolog,phase:1,ctl:ruleEngine=Off"

Note this depends on ModSecurity having been compiled with the option to define rules and actions in .htaccess files (which you'd hope most shared hosting environments would do but don't know if Hostgator do).

If neither these nor David's answer works you're better getting in touch with Hostgater.

Barry Pollard
  • 40,655
  • 7
  • 76
  • 92