ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making their systems secure. WAFs are deployed to establish an increased external security layer to detect and/or prevent attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure. Therefore, for obvious reasons, many hosts have this module compiled.

ModSecurity is a very useful module. However with improper configuration this can make your website/script not working at all. To check if ModSecurity is installed please open your PHPInfo, search for mod_security, if you see mod_security, that means ModSecurity is installed.

To disable ModSecurity please put the followings to your php.ini/.htaccess (To find out which file to modify please check out this tutorial)

<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>

If, unfortunately,  you have ModSecurity2 installed then there is no way to make any changes to the default setup in .htaccess/php.ini. You will have to contact your host provider to have it disabled for your domain.

.htaccess, disable, How to, ModSecurity, mod_security, php.ini