mod_security Problem: Error 406 - Not acceptable : server blocking traffic

Discussion in 'Site & Server Administration' started by CineTube, Oct 30, 2008.

  1. #1
    Katz.cd is a very popular DDL site which enlists downloads from other Warez linking sites. For the last few months they have been blacklisting some download-submitting sites because these sites' hosts are using mod_security, and when people click on the enlisted download pages of those sites in Katz.cd they get the following error, which means that these hosts are blocking referred traffic from Katz.cd.

    In short, mod_security is a web application firewall to protect against web application attacks. But it is now even blocking genuine traffic.

    After googling I found a solution which seems to solve this problem: adding the following code to the .htaccess file of the site, so that traffic referred by Katz.cd won't be blocked.

    Add the following lines in your .htaccess file.

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>
    I am not fully sure whether it is the perfect solution to this problem or not.

    I am requesting other forum members of Digital Point to check my solution and to post any other solution so that this kind of error isn't generated at all.
    Disabling mod_security can't be the solution.
     
    CineTube, Oct 30, 2008 IP
  2. Ladadadada

    #2
    A 406 is a very strange error for a normal web browser to receive.

    I'm using Firefox now and for most requests it is sending this accept header:
    Accept: */*
    
    Which shouldn't be capable of causing a 406 error to be generated.

    I couldn't find a link on katz.cd that would cause this to happen. Are there any left on the site that you can point me to?

    Or... could you use the LiveHTTPHeaders Firefox plugin and click on one of these links from katz.cd and show me the output that it generates? The first request that causes a 406 error would do.
     
    Ladadadada, Oct 31, 2008 IP
  3. sparek

    #3
    You will need to check the mod_security audit logs or maybe the Apache error log to find out what rule is being hit and causing mod_security to throw that error.

    Disabling mod_security using your .htaccess file, like you have given and as you have stated, is not a very good idea. mod_security is put there to protect your website. By disabling it, you are disabling the protection given to you by mod_security. It basically defeats the entire purpose of mod_security.
     
    sparek, Oct 31, 2008 IP
  4. v01d

    #4
    I am getting the 406 error but this doesn't seem to help me.

    What can my host edit in the mod_security file in order for DDL sites to be able to access it?

    Please and thank you,
    v01d
     
    v01d, Nov 12, 2008 IP
  5. sparek

    #5
    If your host is using unique IDs for each of their mod_security rules and if they are logging the mod_security hits, then they should be able to identify which rule is being hit by your website. They can then either exempt that rule from the website, remove the rule from their ruleset, or take some other action. It really just depends on how the host operates.

    Please note, if you have more than one rule being hit it may take some trial and error to exempt all of the rules. For example, if your website is hitting 3 rules, it will stop at the first rule. Your host won't know about the other 2 rules until the first rule is exempted (and consequently the second rule is exempted). If your website is hitting a lot of rules, it may appear to you that your webhost is not doing anything, but it may just be because of the multiple rule hits.
     
    sparek, Nov 13, 2008 IP
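
The log check sparek describes in posts #3 and #5, as an added example that is not part of the original thread: it pulls the rule id and the matched variable out of blocking ModSecurity entries for one hostname, so the host can see which rule to exempt. The log lines are constructed in the style of ModSecurity 2.x error-log entries (other versions may log differently); rule ids, hostnames and paths are placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the style of ModSecurity 2.x Apache error-log entries.
# Rule ids, hostnames, addresses and paths are placeholders, not real values.
SAMPLE_LOG = '''\
[Thu Nov 13 10:02:11 2008] [error] [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "pattern-a" at REQUEST_HEADERS:Referer. [file "/path/to/rules.conf"] [line "12"] [id "100001"] [hostname "site-a.example"] [uri "/download.php"]
[Thu Nov 13 10:02:40 2008] [error] [client 192.0.2.11] ModSecurity: Access denied with code 406 (phase 2). Pattern match "pattern-a" at REQUEST_HEADERS:Referer. [file "/path/to/rules.conf"] [line "12"] [id "100001"] [hostname "site-a.example"] [uri "/list.php"]
[Thu Nov 13 10:03:02 2008] [error] [client 192.0.2.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "pattern-b" at ARGS:q. [file "/path/to/rules.conf"] [line "20"] [id "100002"] [hostname "site-b.example"] [uri "/search.php"]
[Thu Nov 13 10:03:05 2008] [error] [client 192.0.2.12] File does not exist: /var/www/favicon.ico
[Thu Nov 13 10:04:17 2008] [error] [client 192.0.2.13] ModSecurity: Warning. Pattern match "pattern-c" at ARGS:id. [file "/path/to/rules.conf"] [line "31"] [id "100003"] [hostname "site-a.example"] [uri "/view.php"]
[Thu Nov 13 10:05:29 2008] [error] [client 192.0.2.14] ModSecurity: Access denied with code 406 (phase 2). Pattern match "pattern-d" at REQUEST_HEADERS:User-Agent. [file "/path/to/rules.conf"] [line "44"] [id "100004"] [hostname "site-a.example"] [uri "/download.php"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] metadata
DENIED = re.compile(r'ModSecurity: Access denied with code (\d+)')
TARGET = re.compile(r' at ([A-Z_]+(?::[^\s.\]]+)?)')   # variable that matched

def parse_denials(log_text):
    """Yield one dict per blocked request; warnings and other errors are skipped."""
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if not denied:
            continue
        fields = dict(FIELD.findall(line))
        target = TARGET.search(line)
        yield {
            "status": int(denied.group(1)),
            # A host that does not assign ids to its rules logs no [id "..."].
            "rule_id": fields.get("id", "(no id)"),
            "hostname": fields.get("hostname", "?"),
            "uri": fields.get("uri", "?"),
            "target": target.group(1) if target else "?",
        }

def rules_hit(log_text, hostname, status=406):
    """Count blocked requests for one site, keyed by (rule id, matched variable)."""
    hits = Counter()
    for d in parse_denials(log_text):
        if d["hostname"] == hostname and d["status"] == status:
            hits[(d["rule_id"], d["target"])] += 1
    return hits

if __name__ == "__main__":
    for (rule_id, target), n in rules_hit(SAMPLE_LOG, "site-a.example").most_common():
        print(f"rule {rule_id} matched {target}: {n} blocked request(s)")
```

Because a request stops at the first blocking rule, rerun the check after each exemption to surface the next rule, as post #5 explains.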
  6. TomSh

    #6
    In comparison with mod_security I found dotdefender web application firewall to be more user friendly and more efficient installed on my Windows server machine.
    After I installed dotdefender I noticed a significant decrease in the number of attacks we had.
    You should also know that installing mod_security you will need to be an expert in security, while in dotdefender it's like install it and voila, you are protected.
     
    TomSh, Dec 29, 2008 IP
  7. thegetpr

    #7
    Try disabling your firewall and try
     
    thegetpr, Dec 29, 2008 IP
  8. SSANZ

    #8

    100% correct, you're the only person with the correct fix.

    Find the mod_security rule which is catching the "false positive", then make an exemption in your mod_security config.

    Google is your friend.
     
    SSANZ, Dec 30, 2008 IP