How to disable mod_security for an account

I’ve found that’s very useful and interested post from Mick Genie Blog’s about web hosting hot topics issues – mod_security. Sometimes, some applications will be need to disabled the mod_security applied to the virtual server in order to make their application works. You might wonder how to do on it?

Here with sharing with you all today.

If you are using Apache with mod_security, it could be done from the configuration file.However, you have to understand the Apache version and mod_security version that you used.

Normally, a hosted server will use Apache 1.x with mod_security 1.x and Apache 2.x with mod_security 2.x. To find out the Apache version, you may use the following command.

1. $ httpd -v

With mod_security 1.x, you may use the following command from each of the virtual host path and add into the .htaccess file.

1. ‹IfModule mod_security.c›
2. SecFilterEngine Off
3. SecFilterScanPOST Off
4. ‹/IfModule›


With mod_security 2.x, you could not add them to the .htaccess file, but you have to done it from the httpd.conf where they have improved the security and implementation.

If you using cPanel server, you will need to modify the httpd.conf file. Assume your Apache configuration located at /usr/local/apache/conf,

1. vi /usr/local/apache/conf/httpd.conf

Search the virtual hosting such as, uncommented(remove) the # from line as below.
Include “/usr/local/apache/conf/userdata/std/2/mickgenie/*.conf

Run the following command to create the mentioned path.

1. mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain_name/;cd /usr/local/apache/conf/userdata/std/2/username/domain_name/

Then you will need to create a file named bypass_modsec.conf and insert the command as below.

1. ‹IfModule mod_security2.c›
2. SecRuleEngine Off
3. ‹/IfModule›

Save it and restart the Apache.

Published in: on April 2, 2011 at 5:57 pm  Comments Off on How to disable mod_security for an account