To disable mod_security2 from cPanel server,
1. Create the following folder.
2. Create a file name disabled_modsec2.conf in the above path.
3. Enter the following line if you want to disable mod_security2 for whole domain.
For specific path,
4. Run the following script from root access.
Edit the following file,
Enter the information below,
SecRule SERVER_NAME "domain.com" phase:1,nolog,allow,ctl:ruleEngine=off
Replace the domain.com will do.
Sometimes, you might want to enable allow_url_fopen from your account for some purpose.
To enable the allow_url_fopen, you may need to understand if you are using a suPHP server.
With non phpsuexec or suphp server,
1. Go to /usr/local/apache/conf/ path,
2. Open the file named /usr/local/apache/conf/httpd.conf and find if you got the line with “Include “/usr/local/apache/conf/…”
3. Remove the # symbol if it is there.
4. Create the file in userdata according to step 2 where the username should replace with your cPanel username.
5. Add the following command and save it.
php_admin_value allow_url_fopen On
php_admin_value allow_url_include On
6. Run the following command,
service httpd restart
With suPHP server,
1. Copy the default php.ini to your user folder where username is your cPanel username.
cp /usr/local/lib/php.ini /home/<username>/public_html/
2. Change the value as,
allow_url_fopen = On
Sometimes, you might want to disable the mod_security applied to the virtual server and you might wonder how to do it.
If you are using Apache with mod_security, it could be done from the configuration file.
However, you have to understand the Apache version and mod_security version that you used.
Normally, a hosted server will use Apache 1.x with mod_security 1.x and Apache 2.x with mod_security 2.x.
To find out the Apache version, you may use the following command.
With mod_security 1.x, you may use the following command from each of the virtual host path and add into the .htaccess file.
Continue reading How to disable mod_security for an account