If a customer reaches out with a 500 Internal Server error, and when you check the Apache log you find references to "SecRule not allowed here" there is likely a flag in the .htaccess file that should not be there.
This can be corrected by commenting out the flag in the .htaccess file.
Examples of the errors you may see:
500 Internal Server Error
SecRule not allowed here
Related Articles
Enable/Disable ModSecurity using cPanel
WordPress Elementor Server Error 406
Remove SecRule From .htaccess
- Log into the appropriate cPanel
- Navigate to File Manager, located in the Files section
- Navigate to the document root of the site
- Locate the .htaccess file for the site
TIP: If .htaccess is not present, show hidden files in File Manager. - Locate any lines starting with SecRule
NOTE: These are typically whitelisted items. The directive is meant to go in the ModSecurity configuration file and not .htaccess.
EXAMPLE:
SecRule REMOTE_ADDR "^xxx\.xxx\.xxx\.xxx$" phase:1,nolog,allow,ctl:ruleEngine=Off - Comment out the lines by adding
#at the beginning of the line or remove those lines - Consider either disabling ModSecurity temporarily as needed or finding the rule and whitelisting it
Comments
0 comments
Article is closed for comments.