500 Internal Server Error when adding a line in the .htaccess file

Question

I need to add the following line into my .htaccess file in order to get my website working with mod_security

SecFilterScanPOST Off

but then I get an error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

In my WebHost manager I see the following message: "mod_security is installed and running!"

I do not know what I did wrong?

In the logs I get the following message [Wed Jan 13 18:29:12 2010] [alert] [client .............] /home/..../public_html/.htaccess: Invalid command 'secfilterscanpost', perhaps mis-spelled or defined by a module not included in the server configuration — Elitmiar, Jan 13 '10 at 16:32

score 4 · Answer 1 · answered Jan 13 '10 at 16:32

4

That module is probably not loaded. Try it within a <IfModule> block to avoid such error:

<IfModule mod_security.c>
    SecFilterScanPOST Off
</IfModule>

But note that this doesn’t solve your problem. It just avoids that internal error.

To solve your problem, make sure that the mod_security module is loaded. This is done with the LoadModule directive.

answered Jan 13 '10 at 16:32

Gumbo

436
2
6

In my WebHost manager I see the following message: mod_security is installed and running! – Elitmiar Jan 13 '10 at 16:35
@Roland: Then your mod_security module is probably not intended to be used in a .htaccess file. Maybe it’s just allowed in the server/virtual host configuration. – Gumbo Jan 13 '10 at 16:46

score 2 · Answer 2 · answered May 09 '12 at 10:15

2

You said in your comments than in your log file you can read "invalid command 'secfilterscanpost', perhaps mis-spelled or defined"

If you are using mod_security2, the SecFilterScanPOST is obsolete and you should migrate it to SecRequestBodyAccessas , this is explained in the migration document.

http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf

answered May 09 '12 at 10:15

Oscar Raig Colon

121
2

Very helpful link! – Elliot B. Oct 30 '13 at 17:57
This migration matrix is no longer available under that link. – Mike Kormendy Apr 06 '17 at 20:42

score 1 · Answer 3 · answered Jan 13 '10 at 16:31

1

Check your apache error log (on linux it is usually in /var/log/http/error_log or similar).

answered Jan 13 '10 at 16:31

jckdnk111

111
3

score 1 · Answer 4 · answered Jan 13 '10 at 16:37

1

You can check if the SecFilterScanPOST directive is allowed in .htaccess files (probably via an AllowOverride option in your Apache or VirtualHost config file).

answered Jan 13 '10 at 16:37

juba

121
5

score 0 · Answer 5 · answered Jan 14 '10 at 02:59

0

If your mod_security version is 2 or greater you can't put directives in a .htaccess file - only httpd.conf will do. I suppose they'll add this to the FAQ sooner or later.

answered Jan 14 '10 at 02:59

djn

130
4

500 Internal Server Error when adding a line in the .htaccess file

5 Answers5