How to disable Mod security rule for a domain in cPanel server

Mod security is an Apache module that helps to protect your website from various attacks. It is used to block commonly known exploits using regular expressions and rule sets. It blocks injection attacks which secure your server. We use mod_security1 for Apache1.x and mod_security2 for Apache2.x. In case of mod_security1, we can disable mod_security for a domain using .htaccess file.

If you need to disable mod_security for a domain in Apache1.x, then add the following in the .htaccess

SecFilterEngine Off

In Mod security2, if you wish to block it for a domain, then follow the steps below:

1. Create a folder with the domain name as instructed below:

# mkdir -p /usr/local/apache/conf/userdata/std/2/username/

Update: In EasyApache 4, the directory structure is little bit different. Create directory as below:

# mkdir -p /etc/apache2/conf.d/userdata/std/2_4/username/

2. Then create a file vhost.conf in it

# vi /usr/local/apache/conf/userdata/std/2/username/

In EA4: /etc/apache2/conf.d/userdata/std/2_4/username/

3. Add the following contents in it:

save it.

4. Finally, execute the following command

# /scripts/ensure_vhost_includes --user=username

This script will uncomment the following line in Apache configuration. It will customize the virtual host to use the particular include file and will restart Apache

Include “/usr/local/apache/conf/userdata/std/2/username/*.conf”

That’s it!!!

How to disable
SpamAssassin and it’s service – WHM/cPanel
SSH login as root user
Disable open_basedir in Directadmin server
Disable ‘Directory listing’ in Apache web server
Disable phpinfo(); in a shared environment

Post navigation

Arunlal A

Senior System Developer at Zeta. Linux lover. Traveller. Let's connect! Whether you're a seasoned DevOps pro or just starting your journey, I'm always eager to engage with like-minded individuals. Follow my blog for regular updates, connect on social media, and let's embark on this DevOps adventure together! Happy coding and deploying!

One thought on “How to disable Mod security rule for a domain in cPanel server

Leave a Reply

Your email address will not be published. Required fields are marked *