ModSecurity preventing saving settings

In certain scenarios, ModSecurity will interfere with and disrupt Ninja Forms. The reason this happens is that some ModSecurity configurations will flag Ninja Forms’ requests as a potential threat to the security of the system and will throw a 403 Forbidden or 500 Internal Server error.

You may also receive an ambiguous 404 Not Found error if your server has not been set up to correctly serve 500 Internal Server errors.

See below for a few tips on how to work around this issue.

.htaccess Rule Override

It is sometimes possible to disable ModSecurity using an .htaccess rule. You can try placing the following in your root directory’s .htaccess file to disable ModSecurity for admin-ajax.php, the file we leverage to make connections between two installations.

<Files "admin-ajax.php">
SecFilterEngine Off
SecFilterScanPOST Off
</Files>

If this does not work it might be possible that your host has disabled .htaccess overrides or your version of ModSecurity is not compatible with this particular override.

Disable ModSecurity

This is the fastest and most effective fix for this issue but not very ideal. This is extremely effective in determining whether or not this is actually a ModSecurity issue or not.

If you determine that ModSecurity is causing the migration to fail you could have your host send you the ModSecurity logs. Sending these logs to us will help us determine the exact rule that is triggering this issue. With this information, we may be able to modify the plugin to work with your environment.

Alternatively, you may be able to work with your host to have them change their ModSecurity rules to allow the integration to function correctly.