Hi Gaétan, it is better to keep mod_security on, if you can. Are you running anything other than Backlight on your server, such as Wordpress? The more third-party software, the more valuable mod_security in protecting you from malicious traffic.

I’ve tried to replicate this on my own server, which also has mod_security on. But it works without issue. Can you find out from your logs or from your host’s technical support the mod_security rule that is causing this issue? If I am able to replicate this, then I can look into ways of working around it. We already have other workarounds for mod_security rules in other parts of Backlight.