Any user can turn off mod_security!!!!!!

Not if you install it manually :D

 

modsec can be turned off via .htaccess regardless of whether you've installed modsec through WHM or manually

 

I have voted in good "hope".
However, wouldn't just running following (and disabling aut update to this module in WHM) serve the purpose

cd /usr/src/modsecurity-apache-1.9.1/apache1

/usr/local/apache/bin/apxs -ci -D DISABLE_HTACCESS_CONFIG mod_security.c

That should serve the purpose?

I know it's just a matter of adding -D DISABLE_HTACCESS_CONFIG from cpanel to

/var/cpanel/apachemod/modsecurity.apache

but till then would/shouldn't the above be sufficient?

TIA
Anup

 

cd /usr/src/modsecurity-apache-1.9.1/apache1
/usr/local/apache/bin/apxs -ci -D DISABLE_HTACCESS_CONFIG mod_security.c

restart httpd

don't forget to Uncheck the checkbox "Install and Keep Updated" in WHM > Add on Modules for mod_security. Tried disabling mod_security in htaccess and got ISE so i presume that it works.

Anup

 

I know this is an old thread. however, it would still be great if cPanel would include an option to compile mod_security with DISABLE_HTACCESS_CONFIG.

Mike