Drupal, eUKHost, HTML posts and mod_security

Last night I finally figured out something which has been driving me crazy for months: posting HTML (and PHP) content to Drupal (6 or 5) using eUKHost for hosting -- they have Apache's mod_security switched on, but not configured.

Drupal can be installed via Fantastico (an icon on the CPanel administration site that eUKHost gives you), but just didn't work. Every time I tried to post HTML or PHP (or even just something with a particular combination of angle-brackets) I would be redirected to the front page and the content lost. Very frustrating indeed!

I installed and reinstalled Drupal, both from a downloaded package and through Fantastico, and spent a long time looking at the Apache logs and reading about HTTP responses, but eventually I had to admit that it wasn't my setup -- it was eUKHost. So I started searching for that instead, and finally found a comment suggesting that it, "sounds like mod_security isn't setup properly."

So I immediately opened a support ticket with eUKHost, then started researching on how to turn mod_security off. Turns out it's easy -- add the following to your .htaccess file:

SecFilterEngine Off
SecFilterScanPOST Off

Save the file and you're done.