How to disable mod_security for an account

Sometimes, you might want to disable the mod_security applied to the virtual server and you might wonder how to do it.

If you are using Apache with mod_security, it could be done from the configuration file.

However, you have to understand the Apache version and mod_security version that you used.

Normally, a hosted server will use Apache 1.x with mod_security 1.x and Apache 2.x with mod_security 2.x.

To find out the Apache version, you may use the following command.

httpd -v

With mod_security 1.x, you may use the following command from each of the virtual host path and add into the .htaccess file.

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off

With mod_security 2.x, you could not add them to the .htaccess file, but you have to done it from the httpd.conf where they have improved the security and implementation.

If you using cPanel server, you will need to modify the httpd.conf file.

Assume your Apache configuration located at /usr/local/apache/conf,

vi /usr/local/apache/conf/httpd.conf

Search the virtual hosting such as, uncommented(remove) the # from line as below.
Include “/usr/local/apache/conf/userdata/std/2/mickgenie/*.conf

Run the following command to create the mentioned path.

mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain_name/;cd /usr/local/apache/conf/userdata/std/2/username/domain_name/

Then you will need to create a file named bypass_modsec.conf and insert the command as below.

<IfModule mod_security2.c>
SecRuleEngine Off

Save it and restart the Apache.

Published by

Mick Genie

Mick Genie is the founder of and working at ExaBytes Network Sdn Bhd and WPWebHost web host company. He is expertise in Windows and Linux environment especially web hosting related information, tips and trick as well as the IT Information.

One thought on “How to disable mod_security for an account”

Comments are closed.