The following was shared by a client having problems with uploads in JReviews not working:
Never disable all rules !! This could cause serious security issues!
The easiest way to disable individual mod_security rules if you are using cPanel is to install ConfigServer ModSecurity Control and use it to disable individual mod_security rules by ID or via a specific directory.
Otherwise you will need to review and edit specific Apache server files as follows: (Windows Web Server not addressed here)
The mod_security ID's I whitelisted for JReviews Joomla are:
- 911100
- 920100
- 920420
- 949110
- 980130
To check your server for specific rule errors you need to check the logfile of modsecurity with (for cPanel users use the cPanel ModSecurity Tools)
tail -f /var/log/apache2/modsec_audit.log
and exclude each rule one by one reproducing the errors on the phpmyadmin interface.
Next, add :
<Directory /path/to/phpmyadmin>
<IfModule security2_module>
SecRuleRemoveByID 981320
{And other rules you need to disable ...}
</IfModule>
</Directory>
to /etc/apache2/mods-enabled/modsecurity.conf
Be sure to restart Apache