412 Error: ModSecurity Triggered
This error can occur if you have the ModSecurity active for your domain or subdomain. ModSecurity helps to detect and prevent attacks on web applications by analyzing requests to and from your web server.
Why did this happen?
ModSecurity detected something suspicious in your request, such as:
- Defective request header
- Invalid cookies
- Bad parameters
If you believe this is a mistake, try the following steps:
- Try again with a different browser
- Avoid using special characters in the URL
ModSecurity Rule Sets in Use
We use the Atomic ModSecurity Rule Sets, which include protection from:
- SQL injection
- Cross-site scripting
- Remote and local file injection/inclusion attacks
- Command injection
How to Disable a ModSecurity Rule
If you are the website owner and want to disable a specific rule, follow these steps:
- Open Attack Stats for your domain or subdomain
- Go to the Attack Messages tab and find the rule ID you are triggering
- Edit or create a .htaccess file in your domain's root folder
- Insert the following code to disable the rule:
<IfModule mod_security2.c>
SecRuleRemoveById 900011
</IfModule>
SecRuleRemoveById 900011
</IfModule>
Repeat this process for any rule that is causing issues.
Example of a ModSecurity Error
Here's an example of a log message that shows an error caused by too many failed login attempts:
[id=900011] IP address blocked for 60 minutes, more than 10 login attempts in 1 minute.
Tags: .htaccess, 412 error, command injection, cross-site scripting protection, disable ModSecurity, local file inclusion, login attempt blocking, ModSecurity, PHP error, remote file inclusion, rule removal, security issues, SQL injection protection, web application firewall, web hosting error, website security