Disable ModSecurity (mod_security) Via .htaccess file

Disable ModSecurity (mod_security) Via .htaccess file. ModSecurity is a web application firewall.It provides a wide range of security in Web applications.Real time traffic monitoring and analysis without messing anything around.A normal level use of mod_security helps the website.But, with high strict rules and mis-configurations may cause 403 Forbidden errors or access denied issues,login issues or HTTP 406 Not Acceptable errors etc.

Most of the web applications use Apache webserver, if you are using apache, you can disable it via the control panel (cpanel) of the system or via .htaccess file existed in the web root directory, public_html or /var/www/ or others.

Add the below lines to the .htaccess file and save it.If .htaccess file is not found, create one and save it.

< IfModule mod_security.c >
SecFilterEngine Off
SecFilterScanPOST Off
< / IfModule >

This will disable the ModSecurity module (mod_security) for the domain.

To Uninstall the ModSecurity module:

Comment out or delete the below lines in the httpd.conf Apache configuration file

AddModule mod_security.c
LoadModule security_module modules/mod_security.so
Include "/usr/local/apache/conf/modsec.conf"

Save the httpd.conf and restart the Apache server.Ahter restarting apache will not load the Modsecurity module.Please note that the above lines will vary depends upon the Linux or Unix, you are using.

Leave a Comment

Your email address will not be published. Required fields are marked *