ModSecurity is an open-source web application firewall (WAF) supported by web servers like Apache, Nginx, and IIS. It helps protect against web-based attacks, which now account for over 70% of all cyberattacks. However, in some cases, ModSecurity rules may interfere with website operations, requiring it to be disabled temporarily or for specific domains.
Disable ModSecurity in cPanel
If ModSecurity rules are causing issues and you cannot modify the rules, you can disable it directly in cPanel:
1. Log into your cPanel account.
2. Navigate to the “Security” section.
3. Click on “ModSecurity”.
4. To disable ModSecurity for all domains, click the “Disable” button. A confirmation message will appear stating: “ModSecurity is disabled for all of your domains.”
5. You can also disable ModSecurity for a particular domain. Select a specific domain and click the “Off” button to disable.
Disable ModSecurity Using .htaccess
If you prefer or need to disable ModSecurity via the .htaccess file, follow these steps:
1. Create or edit a .htaccess file in the root directory of your website.
2. Add the following code to disable ModSecurity:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>3. Save the file and upload it to your website’s root directory.
In case you have any other questions, please reach out to us via:
- Ticket system (highly recommended)
- Email us at [email protected]
