How to disable mod_security2 rule for one domain?

Apr 29, 2003
20
0
151
Hello,

I'm getting this error message:
Code:
Not Acceptable

An appropriate representation of the requested resource /admin/index.php could not be found on this server.
And I've been told that I have to add this in .htaccess:
Code:
<IfModule mod_security.c>
   SecFilterEngine Off
   SecFilterScanPOST Off
</IfModule>
Which is impossible now.

I've tried to add it in httpd.conf but didn't solve the problem.

How can I solve this? OR Disable mod_sec on one domain?
 

bidhata

Member
Mar 26, 2004
6
0
151
India
Code:
<IfModule mod_security.c>
SecRuleEngine Off
</IfModule>
this will work ...
 

vittle

Member
Apr 18, 2004
11
0
151
Code:
<IfModule mod_security.c>
SecRuleEngine Off
</IfModule>
this will work ...
This does not seem to work after a while. Instead, we used this method to disable it for specific domains:

The only way to bypass mod_security2 in Apache 2 is to manually edit httpd.conf. However, as cPanel autogenerates this, one must directly edit the httpd template files that cPanel uses to generate the httpd.conf. Namely, in /var/cpanel/templates/apache2/vhost.default

Add the following line before the </VirtualHost> closing tag


Code:
[% IF vhost.servername == 'domain.com' || vhost.servername == 'domain2.com' -%]
## CUSTOM RULE BY POLURNET.COM TO BYPASS MOD_SECURITY2 FOR SPECIFIC DOMAINS
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
[% END -%]

After adding this, you must also remember to re-generate the template (run /usr/local/cpanel/bin/build_apache_conf) and restart Apache/httpd, otherwise changes won't take effect.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,042
230
368
cPanel Access Level
Root Administrator
Just create a directory:

mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com

Then create a file:

/usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security.conf

In that file add:

<IfModule mod_security.c>
SecRuleEngine Off
</IfModule>


Save it.

Then run:

/scripts/ensure_vhost_includes --user=username
 

ovisopa

Member
Apr 12, 2007
18
0
151
Any new/simple way to disable mod_security2 for just one domain .. after 2 years of this thread was started ??

I'm using cPanel 11.24.4-S35075 - WHM 11.24.2 - X 3.9
Apache2 / suPHP / mod_security2

I found a comment on a blog:

SecRule SERVER_NAME “domain.com” phase:1,nolog,allow,ctl:ruleEngine=off

this should be added to modsec2.conf ?

For now, to solve the problem one website had with a flash uploader I have removed the rule marked with red, on the bellow code

#spam bots
SecRule HTTP_User-Agent "DTS Agent"
SecRule HTTP_User-Agent "POE-Component-Client"
SecRule HTTP_User-Agent "WISEbot"
SecRule HTTP_User-Agent "^Shockwave Flash"
SecRule HTTP_User-Agent "Missigua"


10x
 

mikegotroot

Well-Known Member
Verifed Vendor
Apr 29, 2008
85
1
58