How to disable Mod security for a particular domain in cPanel

Mod_security is an open-source Apache module. This can be considered a firewall for web applications. It secures the system from attackers. We use mod_security1 for Apache1.x and Apache 2.x uses mod_security2. In the case of mod_security1, we can disable it for a domain using the .htaccess file.

If you want to disable mod_sec for one domain then add the following line in .htaccess

SecFilterEngine Off

However, we can’t block mod_security2 via .htaccess on a domain basis.

The following steps can be used to disable mod_security2 rule for one domain in cPanel servers.

1. Make the directory “/usr/local/apache/conf/userdata/std/2/username/”

2. Create a file “vhost.conf” in the above location

3. Add the following lines :

<IfModule mod_security2.c>
SecRuleEngine Off

To disable mod_secuirty for a particular location :

<LocationMatch specify_the_path_here>
<IfModule mod_security2.c>
SecRuleEngine Off

To disable a particular mod_secuirty rule :

<IfModule mod_security2.c>
SecRuleRemoveById give_ruleID_here

Please make sure run the following script after making the changes.

/scripts/ensure_vhost_includes --user=username

This script will uncomment the following line in apache configuration. It will customise the virtual host to use the particular include file and will restart apache.

Include "/usr/local/apache/conf/userdata/std/2/username/*.conf"
Scroll to Top