Any user can turn off mod_security!!!!!!

qwerty

Well-Known Member
Jan 21, 2003
215
2
168
modsec can be turned off via .htaccess regardless of whether you've installed modsec through WHM or manually
 

anup123

Well-Known Member
Mar 29, 2004
889
1
168
This Planet
rs-freddo said:
If it's compiled properly it can't be turned off.
I have voted in good "hope".
However, wouldn't just running following (and disabling aut update to this module in WHM) serve the purpose

cd /usr/src/modsecurity-apache-1.9.1/apache1

/usr/local/apache/bin/apxs -ci -D DISABLE_HTACCESS_CONFIG mod_security.c

That should serve the purpose?

I know it's just a matter of adding -D DISABLE_HTACCESS_CONFIG from cpanel to

/var/cpanel/apachemod/modsecurity.apache

but till then would/shouldn't the above be sufficient?

TIA
Anup
 

anup123

Well-Known Member
Mar 29, 2004
889
1
168
This Planet
cd /usr/src/modsecurity-apache-1.9.1/apache1
/usr/local/apache/bin/apxs -ci -D DISABLE_HTACCESS_CONFIG mod_security.c

restart httpd

don't forget to Uncheck the checkbox "Install and Keep Updated" in WHM > Add on Modules for mod_security. Tried disabling mod_security in htaccess and got ISE so i presume that it works.

Anup
 

mtindor

Well-Known Member
Sep 14, 2004
1,457
112
193
inside a catfish
cPanel Access Level
Root Administrator
I know this is an old thread. however, it would still be great if cPanel would include an option to compile mod_security with DISABLE_HTACCESS_CONFIG.

Mike