Error "412 Precondition Failed" (mod_security2)
Mod_security2 is an Apache2 module which blocks requests to the web server based on a list of server-side rules, also known as a Web Application Firewall (WAF). Rules include blocks against common server attacks, and they filter requests to vulnerable software. This additional security feature is activated by default on our servers in order to provide maximum protection from hacker attacks for the websites of our customers. However, it is possible for certain legitimate requests/scripts to match a rule and be blocked. When this happens, the error message returned by the server is 412 Request Blocked (Precondition failed). You are able to disable certain blocking rules, or completely disable mod_security2, by using an .htaccess file.
Disabling mod_security2 for XML-RPC files
The XML-RPC protocol is used by some WordPress modules to communicate with external resources, most notably - the Jetpack plugin and the official WordPress mobile apps. All Jetpack IP addresses are whitelisted on our servers, so you do not need to disable mod_security2 to use the Jetpack plugin. To read more on how to allow access to this file through the WordPress section of the Control Panel, please check our Enabling access to XML-RPC article.
Disabling a specific rule
By default, a number of abusive bots are blocked from visiting customer sites, with specific mod_security2 rules. These are the currently blocked bots, as well as their mod_security2 IDs:
If you need to allow any of the above bots to access your site, you can disable the specific mod_security2 rule with an .htaccess file in the main folder of your website. Just use the SecRuleRemoveById directive as in the example above, and replace the ID with the ID of the specific rule.
Disabling mod_security2 altogether
If you are certain about disabling the mod_security2 module, you can create an .htaccess file in the directory where you want to disable it. The file should contain the following code: