How to disable mod_security and why it is not recommended?
ModSecurity is an open-source web application firewall (WAF). A WAF is an application firewall for HTTP applications. ModSecurity is supported by different web servers such as Apache, Nginx and IIS. With over 70% of all attacks now carried out at the web application level, organizations need all the help they can get in making their systems secure.
Disable Mod-Security in cPanel
If the ModSecurity rules are interfering with the operation of the website and modifying the rules is not an option for you, then the best solution is to disable ModSecurity.
This section explains how to disable ModSecurity from your cPanel interface.
1) Login to your cPanel account.
2) Go to the section ‘Security’.
3) Click the icon ‘ModSecurity’.
4) Here you can see the option for enabling ModSecurity. Click the ‘Disable’ button.
Now you can see the message ‘ModSecurity is disabled for all of your domains.’
5) You can also disable mod_security for a particular domain. Select the domain for which you want to disable mod_security and click its ‘Off’ button.
Disable mod_security using .htaccess file
Create a .htaccess file in the root of your web directory. Then add the following:
# ModSecurity 1.x directives; Apache skips this block when mod_security.c is not loaded
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>
We do not recommend disabling ModSecurity on your account. The mod_security module helps to protect your website from various attacks. If ModSecurity is disabled on your account, your website will be at risk from vulnerabilities. Once mod_security is turned off for an account, we will not take any responsibility for hacking of the domain, database hacking, data manipulation and other activities which mod_security can prevent.
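For administrators who need to know where the .htaccess method above has been used, the following added example (not part of the original article) scans .htaccess files for directives that switch ModSecurity off. The function names and sample input are constructed for illustration, and the check for SecRuleEngine, the ModSecurity 2.x directive, goes beyond the 1.x directives shown on this page.

```python
import os
import re

# 1.x directives from this page, plus SecRuleEngine, the 2.x one (added here).
OFF_DIRECTIVES = {"secfilterengine", "secfilterscanpost", "secruleengine"}
IFMODULE_OPEN = re.compile(r"<\s*IfModule\s+([^>\s]+)\s*>", re.I)
IFMODULE_CLOSE = re.compile(r"<\s*/\s*IfModule\s*>", re.I)

# Constructed sample: the snippet from this page plus a commented-out 2.x line.
SAMPLE = """\
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
# SecRuleEngine Off
"""


def scan_htaccess(text):
    """Return (line_no, directive, enclosing_ifmodule) for each 'Off' setting."""
    findings, stack = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        opened = IFMODULE_OPEN.match(line)
        if opened:
            stack.append(opened.group(1))
        elif IFMODULE_CLOSE.match(line):
            stack = stack[:-1]                    # tolerate an unmatched close
        else:
            parts = line.split()                  # directive names are case-insensitive
            if (len(parts) >= 2 and parts[0].lower() in OFF_DIRECTIVES
                    and parts[1].strip('"').lower() == "off"):
                findings.append((line_no, parts[0], stack[-1] if stack else None))
    return findings


def audit_tree(root):
    """Map every .htaccess under root that disables ModSecurity to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_htaccess(fh.read())
            if hits:
                report[path] = hits
    return report
```

Call audit_tree() with the directory that holds the document roots to list every site whose .htaccess turns the filter off, together with the line number and the enclosing IfModule block.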