How to disable mod_security and why it is not recommended?
Posted on December 26th, 2018
ModSecurity is an open-source web-based firewall application (or WAF). WAF is an application firewall used for HTTP applications. ModSecurity is supported by different web servers like Apache, Nginx and IIS. With over 70% of all attacks now carried out over the web application level and organizations need every help they can get in making their systems secure. For more information refer https://www.interserver.net/tips/kb/what-is-modsecurity-and-how-to-use-it/
Disable Mod-Security in cPanel
If the rules of the mod-security tools are interfering with the operations of the website and you do not find modification of rules then the best solution is to disable mod-security.
Here we can discuss about how to disable ModSecurity in your cPanel interface.
1) Login to your cPanel account.
2) Go to the section ‘Security’.
3) Click the icon ‘ModSecurity’.
4) Here you can see the option for enabling the ModSecurity. Click the button ‘Disable’.
Now you can see a message ‘ModSecurity is disabled for all of your domains.
5) You can also disable mod_security for a particular domain, Select the domain you want to disable mod_security and click ‘Off’ button to disable.
Disable mod_security using .htaccess file
Create a .htaccess file in the root of your web directory. Then add the following:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
We will not recommend to disable Mod-Security on your account. Mod_security module helps to protect your website from various attacks. If mod-security is disabled on your account, your website will be at risk from vulnerabilities. Once mod_security is turned off for an account, we will not take any responsibility of hacking the domain, database hacking, data manipulation and other activities which mod_security can prevent.
If you need any further help, please reach our support department.
Hello ,
I am getting this problem. I did not have this setting in my cpanel so, i pasted the code in .htaccess file but still not working so, what should i have to do next plz help…
THANKS
Contact your hosting provider