“mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications.” — HowtoForge
Disable mod_security in .htaccess file
1. If you do not have one yet, an .htaccess file in the folder of your web application
2. To disable mod_security COMPLETELY, add the following line to the .htaccess file:
OR, to disable HTTP POST scanning only, use the following instead:
3. Save the file and test your web application to check whether disabling mod_security has solved your problem.
I recommend you to try SecFilterScanPOST Off first, instead of disabling mod_security completely.
My two cents
mod_security is good to protect your website but it might cause some problems for certain web applications, especially in file uploads. My server has mod_security enabled and I encountered WordPress upload error: “HTTP error”. The SecFilterScanPOST Off solved the problem immediately.
<Directory /var/www/html/phpmyadmin> SecRuleEngine Off </Directory>
<Directory "/var/www/html/phpmyadmin"> Order deny,allow Deny from all Allow from 192.168.2 </Directory>REFERENCES