Any user can turn off mod_security!!!!!!

[rs-freddo]

http://forums.cpanel.net/showthread.php?p=235625#post235529

Please vote to have this fixed:
http://bugzilla.cpanel.net/show_bug.cgi?id=3868

 

[verdon]

Not if you install it manually :D

 

[qwerty]

modsec can be turned off via .htaccess regardless of whether you've installed modsec through WHM or manually

 

[rs-freddo]

If it's compiled properly it can't be turned off.

 

[anup123]

If it's compiled properly it can't be turned off.

I have voted in good "hope".
However, wouldn't just running following (and disabling aut update to this module in WHM) serve the purpose

cd /usr/src/modsecurity-apache-1.9.1/apache1

/usr/local/apache/bin/apxs -ci -D DISABLE_HTACCESS_CONFIG mod_security.c

That should serve the purpose?

I know it's just a matter of adding -D DISABLE_HTACCESS_CONFIG from cpanel to

/var/cpanel/apachemod/modsecurity.apache

but till then would/shouldn't the above be sufficient?

TIA
Anup

 

[anup123]

cd /usr/src/modsecurity-apache-1.9.1/apache1
/usr/local/apache/bin/apxs -ci -D DISABLE_HTACCESS_CONFIG mod_security.c

restart httpd

don't forget to Uncheck the checkbox "Install and Keep Updated" in WHM > Add on Modules for mod_security. Tried disabling mod_security in htaccess and got ISE so i presume that it works.

Anup

 

[mtindor]

I know this is an old thread. however, it would still be great if cPanel would include an option to compile mod_security with DISABLE_HTACCESS_CONFIG.

Mike