mod_security nightmares

[Pwnageservers]

mod_security is giving me 406 errors with /mail, /cpanel, and /whm. any ideas people?
All help appreciated.

[AnilR]

If you are using Apache web server then mod_security can be disabled by adding following two lines within the .htaccess file in Apache web root directory like for cPanel in /home/user/public_html.
If it does not exist then create a new file named .htaccess and add the code:


SecFilterEngine Off
SecFilterScanPOST Off

But I would recommend you to remove and uninstall mod_security. You an just comment out or delete the related mod_security entries from httpd.conf Apache configuration file.

[nat]

If you are using Apache web server then mod_security can be disabled by adding following two lines within the .htaccess file in Apache web root directory like for cPanel in /home/user/public_html.
If it does not exist then create a new file named .htaccess and add the code:

SecFilterEngine Off
SecFilterScanPOST Off

That no longer works with mod_security2

[duranduran]

I have the same problem. How can i disable mod_secure for one single domain ?

[nat]

Step 1: Create a directory

Code:

mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com

Replace "username" with the domain's username

Replace "domain.com" with the domain name




Step 2: Add an include file for that domain

1. Run:

Code:

nano /usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security2.conf

Replace "username" with the domain's username

Replace "domain.com" with the domain name


2. Add the following code to mod_security2.conf:

Code:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

3. Save and Exit nano




Step 3: Run the following to add that include file for that particluar domain to httpd.conf

Code:

/scripts/ensure_vhost_includes --user=username

Replace "username" with the domain's username




Step 4: If step 3 doesn't restart apache, restart apache.

Run:

Code:

/sbin/service httpd restart