How to disable Mod security rule for a domain in cPanel server

Mod security is an Apache module that helps to protect your website from various attacks. It is used to block commonly known exploits using regular expressions and rule sets. It blocks injection attacks which secure your server. We use mod_security1 for Apache1.x and mod_security2 for Apache2.x. In case of mod_security1, we can disable mod_security for a domain using .htaccess file.

If you need to disable mod_security for a domain in Apache1.x, then add the following in the .htaccess

SecFilterEngine Off

In Mod security2, if you wish to block it for a domain, then follow the steps below:

1. Create a folder with the domain name as instructed below:

# mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com

2. Then create a file vhost.conf in it

# vi /usr/local/apache/conf/userdata/std/2/username/domain.com/vhost.conf

3. Add the following contents in it:
——-

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

——-
save it.

4. Finally, execute the following command

# /scripts/ensure_vhost_includes --user=username

This script will uncomment the following line in Apache configuration. It will customize the virtual host to use the particular include file and will restart Apache

Include “/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf”

That’s it!!!

 

How to disable
SpamAssassin and it’s service – WHM/cPanel
SSH login as root user
Disable open_basedir in Directadmin server
Disable ‘Directory listing’ in Apache web server
Disable phpinfo(); in a shared environment

Post navigation

Arunlal Ashok

Linux Systems Architect at Endurance International Group. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team CryBit.com

One thought on “How to disable Mod security rule for a domain in cPanel server

Leave a Reply

Your email address will not be published. Required fields are marked *