ok so we can’t use mod_security on the SITE… perfect… we still should be able to use on our other sites, you are not alone you know…

basically did you just check the php_info for a mod_security module ?

We turned it off per Vhost config for cs-cart beta, and YOU STILL don’t want an install…

Im not turning off mod_security on all my sites for you especially out of usa/canada countries, if it was only on me , i would of blocked on out of country traffic to our switches…

So basically how can you MOD your check to not annoy people who have mod_Sec on server but not enabled on this particular config ?

apart from modding app/Installer/Validator EVERY TIME…

public function isModeSecurityDisabled()


$checking_result = true;



$_info = ob_get_contents();


if (strpos($_info, ‘mod_security’) !== false) {

- App::instance()->setNotification(‘E’, App::instance()->t(‘error’), App::instance()->t(‘text_mod_security’), true, 'va$

$checking_result = false;


+ $checking_result = true;

return $checking_result;


plus since when do you DELETE folders and files on a customers server without telling them ?

/install dir for example ?

If you have mod_security enabled globally on your server then try disabling it only for CSC. In the htaccess file in the root of the CSC install, add the following:

# Disable ModSecurity
SecFilterEngine Off

Since when can't mod_security be used? We have it enabled and run sites with versions 2, 3 and 4 with no problems.

Sent from my EVO using Tapatalk 2

mod_security enabled can cause problems on some servers and it may be necessary to whitelist some rules: http://forum.cs-cart…urity-disabled/