BuycPanel Blog

BuycPanel Blog

Latest news and updates

How to Disable Mod_Security in cPanel

Posted by Allison on 10 07 2017.

Year after year, the threat of online attacks by hackers and malicious entities has been steadily increasing. And recently, most of these attacks have been targeting web application levels through injecting codes that can alter the designed functions of websites. Luckily, the Mod_Security firewall application was developed to protect our websites from code injection attacks and other common exploits used by hackers.

What is Mod_Security?

Mod_Security is an important Apache module that secures our websites by providing a strong firewall protection that defends our web application programs from attacks. This firewall application operates using a set of rules and regular expressions that block malicious attacks and preserve the intended function of our websites.

However, even though the Mod_Security application is a handy security tool, it may sometimes cause problems whenever a site update or development is being performed. Some of the most common problems that we encounter when Mod_Security is enabled during updates…

Year after year, the threat of online attacks by hackers and malicious entities has been steadily increasing. And recently, most of these attacks have been targeting web application levels through injecting codes that can alter the designed functions of websites. Luckily, the Mod_Security firewall application was developed to protect our websites from code injection attacks and other common exploits used by hackers.

What is Mod_Security?

Mod_Security is an important Apache module that secures our websites by providing a strong firewall protection that defends our web application programs from attacks. This firewall application operates using a set of rules and regular expressions that block malicious attacks and preserve the intended function of our websites.

However, even though the Mod_Security application is a handy security tool, it may sometimes cause problems whenever a site update or development is being performed. Some of the most common problems that we encounter when Mod_Security is enabled during updates or development are the occurrence of “404 Not Found” errors, “500 Internal Server Errors”, “406 Not Acceptable” errors,  and “403 Forbidden” errors. These errors are triggered whenever the Mod_Security application produces false positive results. Fortunately, these errors can be easily resolved by disabling the Mod_Security application in cPanel.

How to Disable Mod_Security in cPanel

To fix errors caused by the Mod_Security application during updates and development, you need to disable Mod-Security on the domain that you are working on. To disable it, simply follow the instructions written below.

Step 1: Login to cPanel

You can login to cPanel by going to your web hosting site and then clicking on the cPanel Icon. You can also directly enter the URL of your cPanel site on your web browser to access the login screen.

Step 2: Select Mod Security Manager in cPanel

After logging in to cPanel, go to the security section and click on the Mod Security Manager Icon.

Step 3: Find the domain that you want Mod_Security to be disabled

After clicking the Mod Security Manager Icon, you will be directed to a screen where you will see all the domains that you are managing in your cPanel. Scroll through the domains listed and find the one that you want the Mod_Security application to be turned off.

Step 4: Uncheck the Box located beside the domain name that you want Mod_Security to be disabled

After finding the domain name that you want Mod_Security to be disabled, locate the checkbox next to it.

A box that has a check mark means that Mod_Security for that domain is enabled and the one without a check mark means that it is disabled.

To disable Mod_Security, uncheck the box by clicking on it.

Note: Some versions of cPanel have an ON and OFF button instead of a checkbox. To disable Mod_Security on these cPanel versions, simply click on the OFF button located beside the domain name that you want Mod_Security disabled and just skip Step 5.

Step 5: Click the Update Button

After making sure that the box located next to the domain name that you want Mod_Security to be disabled is unchecked, you can now click on the update button to save the settings.

 

You have now successfully disabled Mod_Security for the domain name that you have selected. Just don’t forget to turn it back on, once you have finished the update or development that you are performing for the site to ensure that your website is protected and safe from unwanted intrusions.