Global: Remove conditional rules for mod security in .htaccess as they can break an installation under certain circumstances (SecRuleRemoveById not allowed in <If> context) - refs #3163

ywarnier · ywarnier · commit 5f517f975234 · 2020-08-13T12:18:56.000+02:00
diff --git a/.htaccess b/.htaccess
@@ -89,17 +89,3 @@ AddType application/font-woff .woff .woff2
   ExpiresByType application/font-woff "access plus 1 month"
 </IfModule>
 
-# Add MOD Security exceptions against XSS Attack confusion in main/lp/*.php
-# See https://github.com/chamilo/chamilo-lms/issues/3163
-<IfModule mod_security.c>
-	<If "%{REQUEST_URI} =~ m#main/lp#">
-		SecRuleRemoveById 212000-212999
-	</If>
-</IfModule>
-
-<IfModule mod_security2.c>
-	<If "%{REQUEST_URI} =~ m#main/lp#">
-		SecRuleRemoveById 212000-212999
-	</If>
-</IfModule>
-
