How to Disable mod_security in Apache

mod_security is a useful Apache module that protects your website from malicious attacks. However, if it doesn’t work properly for you, then you may no option but to turn off mod_security. Here’s how to disable mod_security in Apache. We will look at how to disable mod_security in Apache using .htaccess, and cPanel.

Table of Contents

How to Disable mod_security using .htaccess

Here are the steps to disable mod_security using .htaccess. Before proceeding further please ensure you have enabled mod_rewrite in your Apache server. Here are the steps to enable .htaccess in Apache

Bonus Read : How to Enable CORS in Apache

1. Open .htaccess file

.htaccess file allows you to modify Apache server settings without changing its server configuration file. Let’s say your .htaccess file is located at your website’s root folder /var/www/html. Open it in a terminal.

$ sudo vi /var/www/html/.htaccess

2. Disable mod_security in .htaccess

Add the following code to your .htaccess file to turn off mod_security in Apache web server.

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Bonus Read : How to List all Virtual Hosts in Apache

3. Restart Apache web server

Restart Apache web server to apply changes.

-------------- On Debian/Ubuntu -------------- 
# apache2 -t 
# systemctl restart apache2.service 
-------------- On RHEL/CentOS/Fedora -------------- 
# httpd -t 
# systemctl restart httpd.service

Bonus Read : How to Enable TLS 1.3 in Apache