Would you like a long or a short story? :)

@Kelvin

I just counted, we exchanged 20 emails with Godaddy's support since 22nd of December regarding mod_sec.

First they stated that they do not provide support for third party software and directed me to OxWall's support.

Only after I wrote that if they are not able to fix this problem, I would be forced to switch hosting provider, they became more friendlier and asked for my IP address (they probably wanted to add it to some white list) and I had to explain that the issue is not just with me but all of my site's member are experiencing the same problem.

Than they got really stupid and wrote:

"When reviewing the site we have accessed the page referencing the upload of files, however the details never load and the page gets stuck after clicking "upload photos" to the hosting account. We are not able to attempt to upload a photo to duplicate the error in question, you will need to review the site and determine the issue causing the upload function not to work properly, we have attempted this in FireFox and Google Chrome.".

Of course I explained that that is exactly the issue I want to fix and told them (once again) that the issue is with mod_sec not being properly configured.

I was constantly sending screenshots and errors I get when I turn on "Inspect element" in Chrome and from Firebug plugin for Firefox.

Than they wrote back and said that mod_sec was now properly configured - and finally pictures could be uploaded the "normal" way.

But when I wanted to embed videos I got an error discussed in another post:

http://www.oxwall.org/forum/topic/12080?page=4#post-128565

@ross pointed out that that was also the issue with mod_sec and I wrote them (Godaddy's support) back with another set of screenshots, error log and steps to reproduce those errors.

Then it was solved and they wrote:

"We have resolved this issue, and we are successfully able to embed the video from youtube at this time using the code directly from youtubes > share > embed options.

To do so, several mod sec rules were whitelisted.

With that being said, mod security rules exist to protect both yourself and our servers, and this would indicate that site code is functioning in a way that is of concern.

While videos do now work at this time, we do request that you verify that the application / extensions you are utilizing are all up to date."

Now, this is a good question for @ross.

How come OxWall is coded in a way that mod_sec has to be disabled?

Should we be worried for the security of our web sites?

From the research I've done in the last few days, I found out that mod_sec is is (among others) what keeps our servers and data safe and should not tampered with.

I am not a newbie, I'm just new at creating online community web sites. I was deciding between BuddyPress and OxWall and went for OxWall. Since I started to use OxWall (some two months ago) I purchased 2 plugins from the store and posted a job on oDesk - so I am a active, paying member of OxWall ecosystem. Just saying this because I think that this more than entitles me the right to get an answer - and a really good one, because I never came across a software that need mod_sec disabled.

PS I'm sorry if there is anything confusing in what I wrote, English is not my native language. If there is, I'll be glad to clarify.

I gave them admin login details.

As for the error code, I can only send you what were the error I when I user "Inspect element" in Chrome or Firebug plugin in Firefox.

Did you mean that?

Thank you for putting up with my nagging and pointing me in the right direction.

BTW, did you read the last two paragraphs in my long post (3 posts up)?

Thank you for the reassurance