Articles on: VPS

How to Disable Mod_Security for a Single User Account or Domain

ModSecurity is an Apache Module, also known as the Web Application Firewall (WAF) that are deployed to provide an external security layer that increases protection level, detects and prevent attacks before they reach the web-based application/software programs. How ModSecurity blocks the attack/exploits is by use of specific ModSecurity rule sets.

At times, we may encounter Error 406 or need to disable the mod_security rules in order to allow our applications to function correctly.

Here's how you can disable ModSecurity. Below are 2 common approach you can use to disable mod_security:

Method 1: BY SSH command
grep /usr/local/apache/logs/error_log | grep ModSecurity

Will show sample log like below:

4668 950004 /wp-content/themes/drone/jquery.cookie.js
29070 950004 /wp-content/themes/drone/jquery.cookie.js

Disable a particular ID

echo "SecRuleRemoveById 950004" >> /usr/local/apache/conf/userdata/std/2/userna5/

Note: Replace userna5 with your cpanel username and with the actual domain name e.g.

Restart Apache

Method 2: By .htaccess (only in user's account, not server)
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off

Updated on: 07/01/2023

Was this article helpful?

Share your feedback


Thank you!