A notification message from Imunify360 Advisor is received:
The following users disabled "ModSecurity" via changes in the .htaccess file: userX. Please execute the manual fix or reach out to our support"
Remove the directives such as
SecFilterEngine from the user's
.htaccess files. Configuration files in user's paths should not look like this:
As in this case, the filtering engine is disabled and this state is considered unsafe, such files should be deleted.
It may be required to check other
.htaccess files as well.
Note that it requires some time before the notification is cleared.
Often these directives are added intentionally to avoid antivirus detections. However, when it is done without user knowledge, it is worth creating a ticket to conduct an investigation.
This message advises removing
SecFilterEngine Off directives from
.htaccess, to enable ModSecurity. It disappears after a new user's scan can not find modified .htacces files.`