Disable mod_security on a domain in cpanel server.

ARUN Posted in MOD_SECURITY, WHM BACKEND
08 December 2011
0

vi /usr/local/apache/conf/modsec2.user.conf

On top of that file insert the below rule

SecRule SERVER_NAME “domain.com” phase:1,nolog,allow,ctl:ruleEngine=off

Not Acceptable An appropriate representation of the requested resource / could not be found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

ARUN Posted in MOD_SECURITY
02 July 2011
0

Not Acceptable An appropriate representation of the requested resource / could not be found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Solution :

Most probably this is due to mod_security

You can check the logs :

/usr/local/apache/logs/modsec_audit.log

Or error log

Mod_security rules are present in path

ARUN Posted in MOD_SECURITY
21 July 2010
0

/usr/local/apache/conf/modsec

How to disable mod_security for a particular domain

ARUN Posted in MOD_SECURITY, PHP
13 July 2010
0

In order to disable mod_security add the following code into the .htaccess file
<IfModule mod_security.c>
# Turn off mod_security filtering.
SecFilterEngine Off

# The below probably isn’t needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

/// If it is apache 2 then mod_security will be version2 so in that case use
SecRuleEngine Instead of SecFilterEngine

ie :

=========================================

<IfModule mod_security.c>
# Turn off mod_security filtering.
SecRuleEngine Off
SecFilterScanPOST Off
</IfModule>
====================================

DISABLE MOD_SECURITY on a single domain on mod_security2

vi /usr/local/apache/conf/httpd.conf

Search the virtual hosting such as mickgenie.com, uncommented(remove) the # from line as below.
Include “/usr/local/apache/conf/userdata/std/2/USERNAME/domain.com/*.conf

mkdir -p /usr/local/apache/conf/userdata/std/2/USERNAME/domain.com/

cd /usr/local/apache/conf/userdata/std/2/USERNAME/domain.com/

Then you will need to create a file named bypass_modsec.conf and insert the command as below.

================

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

 

=====================

OR

vi /usr/local/apache/conf/httpd.conf

Before the Virtual host entry for the domain ends, add the below code :

=============

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

=============

Save it and restart the Apache.