Mod security is an Apache module that helps to protect your website from various attacks. It is used to block commonly known exploits using regular expressions and rule sets. It blocks injection attacks which secure your server. We use mod_security1 for Apache1.x and mod_security2 for Apache2.x. In case of mod_security1, we can disable mod_security for a domain using .htaccess file.
If you need to disable mod_security for a domain in Apache1.x, then add the following in the .htaccess
SecFilterEngine Off
In Mod security2, if you wish to block it for a domain, then follow the steps below:
1. Create a folder with the domain name as instructed below:
# mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com
Update: In EasyApache 4, the directory structure is little bit different. Create directory as below:
# mkdir -p /etc/apache2/conf.d/userdata/std/2_4/username/domain.com
2. Then create a file vhost.conf in it
# vi /usr/local/apache/conf/userdata/std/2/username/domain.com/vhost.conf
In EA4: /etc/apache2/conf.d/userdata/std/2_4/username/domain.com/vhost.conf
3. Add the following contents in it:
save it.
4. Finally, execute the following command
# /scripts/ensure_vhost_includes --user=username
This script will uncomment the following line in Apache configuration. It will customize the virtual host to use the particular include file and will restart Apache
Include “/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf”
That’s it!!!
How to disable
SpamAssassin and it’s service – WHM/cPanel
SSH login as root user
Disable open_basedir in Directadmin server
Disable ‘Directory listing’ in Apache web server
Disable phpinfo(); in a shared environment
Hello Arun Please post Mod Security Rules it is null for me nothing is written in it
Thank