How to disable mod_security and why it is not recommended?

ModSecurity is an open-source web-based firewall application (or WAF). WAF is an application firewall used for HTTP applications. ModSecurity is supported by different web servers like Apache, Nginx and IIS. With over 70% of all attacks now carried out over the web application level and organizations need every help they can get in making their systems secure.

Disable Mod-Security in cPanel

If the rules of the mod-security tools are interfering with the operations of the website and you do not find modification of rules then the best solution is to disable mod-security.

Here we can discuss about how to disable ModSecurity in your cPanel interface.

1) Login to your cPanel account.

2) Go to the section ‘Security’.

disable mod_security

3) Click the icon ‘ModSecurity’.

 disable mod_security

4) Here you can see the option for enabling the ModSecurity. Click the button ‘Disable’.

 disable mod_security

Now you can see a message ‘ModSecurity is disabled for all of your domains.

5) You can also disable mod_security for a particular domain, Select the domain you want to disable mod_security and click ‘Off’ button to disable.

Disable mod_security using .htaccess file

Create a .htaccess file in the root of your web directory. Then add the following:

  • <IfModule mod_security.c>
  • SecFilterEngine Off
  • SecFilterScanPOST Off
  • </IfModule>

We will not recommend to disable Mod-Security on your account. Mod_security module helps to protect your website from various attacks. If mod-security is disabled on your account, your website will be at risk from vulnerabilities. Once mod_security is turned off for an account, we will not take any responsibility of hacking the domain, database hacking, data manipulation and other activities which mod_security can prevent.