Importance Of Mod_Secure Disabled For V4.3.x Stores Vs V4.2.4


I still have a store license for V4.2.4 from CS Cart but I have upgraded my other two CS Cart stores which used to be V4.3.3 based and now both are up to V4.3.6.

If I reinstall that V4.2.4 store I recieve the notification (on the same server that is) that mod_secure is enabled and it should be disabled.

If I were to disable mod_secure , would that affect my two other V4.3.6 stores in a adverse manner ?

Remember they all reside on the same VPS.

Yours truly,

If you disable the mod_security, it will not affect other CS-Cart installations on your server.

Thanks again, disabled it this instance

Ok... so when I edit/save just about any content or add Order Statuses clone products etc, the content is either completely or sometimes only partially saved. If I turn off Mod Security then it saves ok.

Mod_sec seems to be a good security measure, but I am continuously needing to turn it off to get any work done in admin.

Q1. Are there any security risks associated with completely diabling Mod Security.?

Q2. If so would it not be a great function for CSCart software to check for modsec and popup a reminder in admin to turn it off, then a reminder to turn on when logging out and/or closing an admin session.

There are so many store owners having issues with Mod_security that I think some measures need to be taken. I dont see a mention of it in the system requirements.

I run ModSec with several versions of CS-Cart with no issues. I have globally whitelisted the following ModSec rules: 950107, 950904, 950906, 959007, 960009, 1500333, 10124314 & 10124455. ModSec is a great security tool that helps protect your system, I wouldn’t recommend completely disabling it unless there was no alternative.

Sent from my XT1585 using Tapatalk

+1 what tletourneau said. I wouldn't completely disable it.