Mod_security is an open-source Apache module. This can be considered a firewall for web applications. It secures the system from attackers. We use mod_security1 for Apache1.x and Apache 2.x uses mod_security2. In the case of mod_security1, we can disable it for a domain using the .htaccess file.
If you want to disable mod_sec for one domain then add the following line in .htaccess
SecFilterEngine Off
However, we can’t block mod_security2 via .htaccess on a domain basis.
The following steps can be used to disable mod_security2 rule for one domain in cPanel servers.
1. Make the directory “/usr/local/apache/conf/userdata/std/2/username/domain.com”
2. Create a file “vhost.conf” in the above location
3. Add the following lines :
<IfModule mod_security2.c> SecRuleEngine Off </IfModule>
To disable mod_secuirty for a particular location :
<LocationMatch specify_the_path_here> <IfModule mod_security2.c> SecRuleEngine Off </IfModule> </LocationMatch>
To disable a particular mod_secuirty rule :
<IfModule mod_security2.c> SecRuleRemoveById give_ruleID_here </IfModule>
Please make sure run the following script after making the changes.
/scripts/ensure_vhost_includes --user=username
This script will uncomment the following line in apache configuration. It will customise the virtual host to use the particular include file and will restart apache.
Include "/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf"