cPanel: How to disable mod_security2 for account or path

To disable mod_security2 from cPanel server,

1. Create the following folder.

/usr/local/apache/conf/userdata/std/2/username/domain.com

2. Create a file name disabled_modsec2.conf in the above path.
3. Enter the following line if you want to disable mod_security2 for whole domain.

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

For specific path,

<LocationMatch your_path>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</LocationMatch>

4. Run the following script from root access.

/scripts/ensure_vhost_includes –user=username

 Alternatively,
Edit the following file,

/usr/local/apache/conf/modsec2.conf

Enter the information below,

SecRule SERVER_NAME "domain.com" phase:1,nolog,allow,ctl:ruleEngine=off

Replace the domain.com will do.

Apache: service httpd does not support chkconfig

As you know, when you installed your Apache service to your Centos/Redhat server manually (make & make install but not yum) and could like to run the service automatically, you should copy the apachectl from the Apache bin folder to /etc/init.d/ folder as named httpd.

Then you might want to set the chkconfig and facing the error as below,

service httpd does not support chkconfig

To fix this issue, you may simply add the following line to your file at /etc/init.d/httpd.

#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf

Then you may chkconfig again,

chkconfig --level 235 httpd on

And now restart your httpd service.

Allow allow_url_fopen on cPanel server

Sometimes, you might want to enable allow_url_fopen from your account for some purpose.

To enable the allow_url_fopen, you may need to understand if you are using a suPHP server.

With non phpsuexec or suphp server,
1. Go to /usr/local/apache/conf/ path,
cd /usr/local/apache/conf/
2. Open the file named /usr/local/apache/conf/httpd.conf and find if you got the line with “Include “/usr/local/apache/conf/…”
3. Remove the # symbol if it is there.
4. Create the file in userdata according to step 2 where the username should replace with your cPanel username.
vi /usr/local/apache/conf/userdata/<number>/<username>/allowurl.conf
5. Add the following command and save it.
<IfModule mod_php5.c>
php_admin_value allow_url_fopen On
php_admin_value allow_url_include On
</IfModule>
6. Run the following command,
/usr/local/cpanel/bin/apache_conf_distiller –update
/usr/local/cpanel/bin/build_apache_conf
service httpd restart

With suPHP server,
1. Copy the default php.ini to your user folder where username is your cPanel username.
cp /usr/local/lib/php.ini /home/<username>/public_html/
2. Change the value as,
allow_url_fopen = On

How to disable mod_security for an account

Sometimes, you might want to disable the mod_security applied to the virtual server and you might wonder how to do it.

If you are using Apache with mod_security, it could be done from the configuration file.

However, you have to understand the Apache version and mod_security version that you used.

Normally, a hosted server will use Apache 1.x with mod_security 1.x and Apache 2.x with mod_security 2.x.

To find out the Apache version, you may use the following command.

httpd -v

With mod_security 1.x, you may use the following command from each of the virtual host path and add into the .htaccess file.

Continue reading How to disable mod_security for an account