mod_security is a useful Apache module that protects your website from malicious attacks. However, if it doesn’t work properly for you, then you may no option but to turn off mod_security. Here’s how to disable mod_security in Apache. We will look at how to disable mod_security in Apache using .htaccess, and cPanel.
How to Disable mod_security using .htaccess
Here are the steps to disable mod_security using .htaccess. Before proceeding further please ensure you have enabled mod_rewrite in your Apache server. Here are the steps to enable .htaccess in Apache
Bonus Read : How to Enable CORS in Apache
1. Open .htaccess file
.htaccess file allows you to modify Apache server settings without changing its server configuration file. Let’s say your .htaccess file is located at your website’s root folder /var/www/html. Open it in a terminal.
$ sudo vi /var/www/html/.htaccess
2. Disable mod_security in .htaccess
Add the following code to your .htaccess file to turn off mod_security in Apache web server.
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>
Bonus Read : How to List all Virtual Hosts in Apache
3. Restart Apache web server
Restart Apache web server to apply changes.
-------------- On Debian/Ubuntu -------------- # apache2 -t # systemctl restart apache2.service -------------- On RHEL/CentOS/Fedora -------------- # httpd -t # systemctl restart httpd.service
Bonus Read : How to Enable TLS 1.3 in Apache
Disable mod_security in cPanel
Here are the steps to disable mod_security in cPanel
1. Log into cPanel
Log into cPanel and go to Security section.
2. Disable mod_security in cPanel
Click mod_security icon
Bonus Read : How to Install Varnish in Apache
You will see a page to enable/disable modsecurity. Click on ‘Disable’ button
You will see a message that mod_security has been disabled for all your domains in cPanel.
If you want to disable modsecurity for only some of your domains, click the Off button for your domain, under ‘Configure individual domains’ section.
Restart Apache server to apply changes
Hopefully, the above steps will help you disable mod_security in Apache web server.