Disable mod_security2 for a single domain

Mod_security is an open source Apache module. This can be considered as firewall for web applications. It secures the system from the attackers. We use mod_security1 for Apache1.x and Apache 2.x uses mod_security2. In case of mod_security1, we can disable it for a domain using the .htaccess file.

If you want to disable mod_sec for one domain then add the following Line in .htaccess

—————–

SecFilterEngine Off

——————

However, we can’t block mod_security2 via .htaccess on domain basis.

The following steps can be used to disable mod_security2 rule for one domain in cPanel servers.

1. Make the directory “/usr/local/apache/conf/userdata/std/2/username/domain.com”

2. Create a file “vhost.conf” in the above location

3. Add the following lines :

———-

<IfModule mod_security2.c>

SecRuleEngine Off

</IfModule>

———-

To disable mod_secuirty for a particular location :

———

<LocationMatch specify_the_path_here>

<IfModule mod_security2.c>

SecRuleEngine Off

</IfModule>

</LocationMatch>

———

To disable a particular mod_secuirty rule :

———

<IfModule mod_security2.c>

SecRuleRemoveById give_ruleID_here

</IfModule>

———

Please make sure run the following script after making the changes.

———

/scripts/ensure_vhost_includes –user=username

———

This script will uncomment the following line in apache configuration. It will customise the virtual host to use the particular include file and will restart apache.

———–

Include “/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf”

———–

Both comments and pings are currently closed.

Comments are closed.