Mod_security is an open source Apache module. This can be considered as firewall for web applications. It secures the system from the attackers. We use mod_security1 for Apache1.x and Apache 2.x uses mod_security2. In case of mod_security1, we can disable it for a domain using the .htaccess file.
If you want to disable mod_sec for one domain then add the following Line in .htaccess
—————–
SecFilterEngine Off
——————
However, we can’t block mod_security2 via .htaccess on domain basis.
The following steps can be used to disable mod_security2 rule for one domain in cPanel servers.
1. Make the directory “/usr/local/apache/conf/userdata/std/2/username/domain.com”
2. Create a file “vhost.conf” in the above location
3. Add the following lines :
———-
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
———-
To disable mod_secuirty for a particular location :
———
<LocationMatch specify_the_path_here>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</LocationMatch>
———
To disable a particular mod_secuirty rule :
———
<IfModule mod_security2.c>
SecRuleRemoveById give_ruleID_here
</IfModule>
———
Please make sure run the following script after making the changes.
———
/scripts/ensure_vhost_includes –user=username
———
This script will uncomment the following line in apache configuration. It will customise the virtual host to use the particular include file and will restart apache.
———–
Include “/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf”
———–