Hi,
The .htacess solution to not work for me.
I would like to try
# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply “text/html” as Content-Type
SecFilterSelective REQUEST_METHOD “!^(GET|HEAD)$” chain
SecFilterSelective HTTP_Content-Type “!(^$|^application/x-www-form-urlencoded|^multipart/form-data|^text/xml)”
However, I do not know which modsecurity file to modify. Is it this one: modsecurity_crs_10_config.conf or to I place it in http.conf?
Also, is the above for mod_security 1.x? How should it be written for 2.x?
Also, would you know why the .htaccess method does not work?Is there a setting somewhere that prohibits .htaccess from modifying the modsecurity settings?
