To disable mod_security2 from cPanel server,
1. Create the following folder.
2. Create a file name disabled_modsec2.conf in the above path.
3. Enter the following line if you want to disable mod_security2 for whole domain.
For specific path,
4. Run the following script from root access.
Edit the following file,
Enter the information below,
SecRule SERVER_NAME "domain.com" phase:1,nolog,allow,ctl:ruleEngine=off
Replace the domain.com will do.
As you know, when you installed your Apache service to your Centos/Redhat server manually (make & make install but not yum) and could like to run the service automatically, you should copy the apachectl from the Apache bin folder to /etc/init.d/ folder as named httpd.
Then you might want to set the chkconfig and facing the error as below,
service httpd does not support chkconfig
To fix this issue, you may simply add the following line to your file at /etc/init.d/httpd.
# Startup script for the Apache Web Server
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf
Then you may chkconfig again,
chkconfig --level 235 httpd on
And now restart your httpd service.
Sometimes, you might want to enable allow_url_fopen from your account for some purpose.
To enable the allow_url_fopen, you may need to understand if you are using a suPHP server.
With non phpsuexec or suphp server,
1. Go to /usr/local/apache/conf/ path,
2. Open the file named /usr/local/apache/conf/httpd.conf and find if you got the line with “Include “/usr/local/apache/conf/…”
3. Remove the # symbol if it is there.
4. Create the file in userdata according to step 2 where the username should replace with your cPanel username.
5. Add the following command and save it.
php_admin_value allow_url_fopen On
php_admin_value allow_url_include On
6. Run the following command,
service httpd restart
With suPHP server,
1. Copy the default php.ini to your user folder where username is your cPanel username.
cp /usr/local/lib/php.ini /home/<username>/public_html/
2. Change the value as,
allow_url_fopen = On
Sometimes, you might want to disable the mod_security applied to the virtual server and you might wonder how to do it.
If you are using Apache with mod_security, it could be done from the configuration file.
However, you have to understand the Apache version and mod_security version that you used.
Normally, a hosted server will use Apache 1.x with mod_security 1.x and Apache 2.x with mod_security 2.x.
To find out the Apache version, you may use the following command.
With mod_security 1.x, you may use the following command from each of the virtual host path and add into the .htaccess file.
Continue reading How to disable mod_security for an account