How to disable mod_security and why it is not recommended?

Posted on December 26th, 2018

ModSecurity is an open-source web-based firewall application (or WAF). WAF is an application firewall used for HTTP applications. ModSecurity is supported by different web servers like Apache, Nginx and IIS. With over 70% of all attacks now carried out over the web application level and organizations need every help they can get in making their systems secure. For more information refer https://www.interserver.net/tips/kb/what-is-modsecurity-and-how-to-use-it/

 

Disable Mod-Security in cPanel

If the rules of the mod-security tools are interfering with the operations of the website and you do not find modification of rules then the best solution is to disable mod-security.

Here we can discuss about how to disable ModSecurity in your cPanel interface.

1) Login to your cPanel account.

2) Go to the section ‘Security’.

disable mod_security

 

3) Click the icon ‘ModSecurity’.

 disable mod_security

 

 

 

4) Here you can see the option for enabling the ModSecurity. Click the button ‘Disable’.

 disable mod_security

 

 

Now you can see a message ‘ModSecurity is disabled for all of your domains.

5) You can also disable mod_security for a particular domain, Select the domain you want to disable mod_security and click ‘Off’ button to disable.

 

 

Disable mod_security using .htaccess file

Create a .htaccess file in the root of your web directory. Then add the following:

<IfModule mod_security.c>

SecFilterEngine Off

SecFilterScanPOST Off

</IfModule>

 

We will not recommend to disable Mod-Security on your account. Mod_security module helps to protect your website from various attacks. If mod-security is disabled on your account, your website will be at risk from vulnerabilities. Once mod_security is turned off for an account, we will not take any responsibility of hacking the domain, database hacking, data manipulation and other activities which mod_security can prevent.

 

If you need any further help, please reach our support department.

 

 

2 Responses to “How to disable mod_security and why it is not recommended?”

  1. Hello ,

    I am getting this problem. I did not have this setting in my cpanel so, i pasted the code in .htaccess file but still not working so, what should i have to do next plz help…

    THANKS

  2. mAxy says:

    Contact your hosting provider

Leave a Reply