BuycPanel Blog

BuycPanel Blog

Latest news and updates

4/28/2015 – What is Mod_Security And Why Your Website Needs It?

Posted by Jamison on 28 04 2015.

firewallIf you are in search of a tool that can boost protection over your cPanel and WHM accounts, mod_security is a great option. However, some users have a hard time controlling and using this tool. This article will teach you how—from configuration to how you can disable the program if found to be distracting with your tasks. And yes, mod_security is compatible with cPanel and WHM. So, let’s start?


What is mod_security and why your website needs it?


ModSecurity is an apache module capable of protecting your site from any forms of virus, rats, and exploits that can damage or steal anything of value to you. With the use of this program, your site’s weaknesses will not be detected, any attacks will be blocked, and the entire server will be protected. Sometimes, users who have no or little idea on how to write codes that can prevent virus and hacks can also be assisted by mod_security.


How to know if your server has mod_security enabled


If a particular website opened as a 406-Not Acceptable error, this means that a mod_security in your system is working perfectly fine. The site is forbidden when it contains elements that have violated your website, have virus of any kind, and have data that your Accept Header have rejected.


However, if you wanted to see the website or any incoming files to my website, you can do so by disabling the program.


How to disable mod_security


Disabling this program can be of two ways—1. Selecting a certain mod_security rule for a particular domain individually; and 2. Disabling the program for the entire server.


  1. Selecting a particular rule and a domain


If you only want to eliminate some rules you think are necessary to a particular domain or website, you would have contact cPanel’s or WHM’s live support team and discuss them the matter.


Or you could also do it manually by disabling the program through the Modsec manager plugin. Use the SecRuleRemoveByld to and start choosing specific rules you want to disable. You need to have the ID to do this successfully which you can find by going to  (/usr/local/apache/logs/error_log); and then grep for the domain that you think is triggering the 406 error. Go to grep /usr/local/apache/logs/error_log | grep ModSecurity


This will give an ID number (like this: “950004”) which you are going to write in the .htaccess file. Replace the old number by the given ID number. Example is written as SecRuleRemoveById 950004


  1. Disabling the entire program for the entire server


Now, if you don’t want to use the tools to your website, you can also turn off the program by going to the WHM. When you are in the WHM, look for Mod Security, and select “No Configuration.


However, keep in mind that removing this program to your server can expose it to any potential threats, viruses, attacks, and hacks that can totally damage and steal any data of your website.