How do I enable/disable mod_security in cPanel?
What is mod_security?
Mod_security, sometimes called Modsec, is an open source WAF (Web Application Firewall). It provides a toolkit for real-time monitoring, logging and access control for web applications and is very flexible in terms of the applicable rule set. We have a custom ruleset on our servers that aims to prevent a wide range of web application level attacks. By default, mod_security is enabled on all of our servers, but there are situations where you may want to disable it because you have certain Scripts or your application cannot execute because they trigger one of the rules we have configured.
ModSecurity is a module that protects your website from various types of attacks. ModSecurity protects your website from hackers, attacks, brute force attacks, cross-site request forgery (CSRF) and many other threats. Although it sometimes causes problems, we recommend that you do not disable it, but fix the vulnerability in your software instead. The reason for this is that ModSecurity only blocks your websitewhen Your software security bad is.
How do I disable/enable mod_security?
By disabling ModSecurity, you can determine if your IP or your customer/visitor's IP is blocked by ModSecurity. If this is not the case, your IP is blocked for some other reason.
Log in to your cPanel account. If you are not sure how to do this, please follow our tutorial on this topic: How can I log in to the cPanel?
Once you are logged in, please navigate to the section "Security" and click on the icon "ModSecurity".
You will be redirected to a page that contains a list of all your domains on the server. To disable mod_security for all domain names, please click the "Disable" button located in a blue text box at the top of the screen.
If you want to disable Modsec for a single domain name, please use the toggle switch and set it to "Off". This switch is located on the right side of the table section corresponding to the domain you want to change.
Once this is done, you will get a green text box on the top right informing you that the service has been disabled.
Fix the problem
Now fix the problem you have encountered. In plain language: You have to fix the vulnerability in your software!!!
Return to cPanel and activate ModSecurity immediately againafter you have fixed the problem. If you need to stop troubleshooting and wait before continuing, make sure you re-enable ModSecurity. Do not leave ModSecurity disabled longer than necessary.
We recommend using this option with caution - if you suspect that your website's problem is related to ModSecurity, do not hesitate to first check our Support Team to contact.
If this article has helped you fix a problem or solve a web hosting issue, feel free to share it with the rest of the online community.