How to Disable Mod_Security for a Single User Account or Domain

ModSecurity is an Apache Module, also known as the Web Application Firewall (WAF) that are deployed to provide an external security layer that increases protection level, detects and prevent attacks before they reach the web-based application/software programs. How ModSecurity blocks the attack/exploits is by use of specific ModSecurity rule sets.

At times, we may encounter Error 406 or need to disable the mod_security rules in order to allow our applications to function correctly.

Here's how you can disable ModSecurity. Below are 2 common approach you can use to disable mod_security:

==============================
Method 1: BY SSH command
==============================
grep domain.com /usr/local/apache/logs/error_log | grep ModSecurity

Will show sample log like below:

4668 950004 domain.com /wp-content/themes/drone/jquery.cookie.js
29070 950004 www.domain.com /wp-content/themes/drone/jquery.cookie.js

Disable a particular ID

echo "SecRuleRemoveById 950004" >> /usr/local/apache/conf/userdata/std/2/userna5/domain.com/modsec.conf

Note: Replace userna5 with your cpanel username and domain.com with the actual domain name e.g. example.com

Restart Apache



====================================================
Method 2: By .htaccess (only in user's account, not server)
====================================================
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Updated on: 07/01/2023