How to disable mod-security?

ModSecurity is an open-source web-based firewall application (or WAF). WAF is an application firewall used for HTTP applications. ModSecurity is supported by different web servers like Apache, Nginx, and IIS. With over 70% of all attacks now carried out over the web application level and organizations need every help they can get in making their systems secure.

Disable Mod-Security in cPanel

If the rules of the mod-security tools are interfering with the operations of the website and you do not find a modification of rules then the best solution is to disable mod-security. Here we can discuss how to disable ModSecurity in your cPanel interface.

1) Log into your cPanel account.

2) Go to the section ‘Security’.

3) Click the icon ‘ModSecurity’.

4) Here you can see the option for enabling the ModSecurity. Click the button ‘Disable’.

 disable mod_security

Now you can see a message ‘ModSecurity is disabled for all of your domains.

5) You can also disable mod_security for a particular domain, Select the domain you want to disable mod_security and click the ‘Off’ button to disable.


Disable mod-security using .htaccess file

Create a .htaccess file in the root of your web directory. Then add the following:

<IfModule mod_security.c>

SecFilterEngine Off

SecFilterScanPOST Off


In case you have any other questions, please reach out to us via:

How can we help?