Mod Security Problem..OrakUploader

I’m not personally familiar with this program, but It sounds like ModSecurity is giving you a false positive and identifying OrakUploader as a threat. My understanding is that you should be able to adjust ModSecurity’s rules in order to allow uploads from your OrakUploader plugin. This can come with certain risks depending on how you do this, as it could potentially open up the option of legitimate risks being allowed in, so please proceed with care.

I would suggest checking the logs to find out what rule in ModSecurity was triggered by OrakUploader. Once you know what specific rule it’s triggering, you should be able to make adjustments to let it through. Running the following should provide you with the rule ID number:

grep yourdomain.com /var/log/apache2/error.log | grep -i modsecurity

From there you can navigate to /etc/modsecurity/modsecurity.conf and remove the rule according to the rule ID number:

SecRuleRemoveById <ID>

And then restart Apache so the changes take effect.

Additionally, ModSecurity suggests exploring the crs-setup.conf file, which has a great deal of information about the rules, exceptions, and how to avoid false positives.

ModSecurity Exceptions
Handling False Positives Tutorial

You can even submit a request to ModSecurity to look into adjusting the rules in their Core Rule Set, which is pretty cool!

ModSecurity Issues Page on GitHub

You can also remove ModSecurity entirely by running the following command, though I would do this with care as ModSecurity you will no longer be under its protection:

apt-get remove libapache2-modsecurity

In order to cover our bases, I'm including some further resources here:

Configure Mod Security on Apache

Mod Security GitHub Exclusion Rules

Mod Security Reference Manual

Mod Security CSF Blocking Picture Upload Scripts (cPanel Forums)