Unable to access index.php?

[youtub31]

Hello there, I am using a forum and whenever I try to post a really long tutorial, I always get this error that I am not allowed to access index.php. I think this might have to do with mod_security after doing a bit of googling around it might be preventing me to post due to keywords in my post. I saw one thing online say in order to turn off mod_security you have to add this to your .htaccess

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

I checked my .htaccess and this is already within the file but I am still unable to access index.php whenever I make long post. Any short post I write it instantly puts through.

 

[bdistler]

I saw one thing online say in order to turn off mod_security you have to add this to your .htaccess

while x10hosting discourage it - Premium users have the ability to completely disable mod_security on their account via cPanel

For free-hosting x10hosting has a customized web server setup that does not allow for the same cPanel functionality to disable mod_security - x10hosting also decided it would not be a good idea to allow free-hosting users to disable it - as it is used to not only protect against inbound malicious attacks but to prevent outbound abuse also - Unfortunately free-hosting still gets abusive signups - and allowing them to disable something that helps to prevent their malicious actions would not be in x10hosting's best interest

 

[youtub31]

If I can't disable it thats alright I guess but is there a way I can get the mod_security to stop stopping me because of keywords I use in tags or postbits of html in a

codebox

?

 

[essellar]

Unfortunately, that pretty much describes exactly what the security rules are meant to prevent. Do note, though, that as the owner of the site, you can back-door a lot of that stuff by doing an end-run around the forum software and populating the database directly if you're familiar with the forum table layout and SQL queries. (If necessary, you can add the posts to a local copy and export the data as a SQL query. That will take care of any escaping, etc.) Since the data would not be in an HTTP POST to your hosting account front-end, mod_security won't intercept it. Opening direct posting would mean opening it to your users as well, and that's not likely to happen because of the potential risks.