Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security nightmares

Discussion in 'Security' started by Pwnageservers, Jan 16, 2008.

  1. Pwnageservers

    Pwnageservers Registered

    Joined:
    Dec 20, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    mod_security is giving me 406 errors with /mail, /cpanel, and /whm. any ideas people?
    All help appreciated.
     
  2. AnilR

    AnilR Active Member

    Joined:
    Nov 24, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    India
    If you are using Apache web server then mod_security can be disabled by adding following two lines within the .htaccess file in Apache web root directory like for cPanel in /home/user/public_html.
    If it does not exist then create a new file named .htaccess and add the code:


    SecFilterEngine Off
    SecFilterScanPOST Off

    But I would recommend you to remove and uninstall mod_security. You an just comment out or delete the related mod_security entries from httpd.conf Apache configuration file.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. nat

    nat Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    210
    Likes Received:
    0
    Trophy Points:
    166
    That no longer works with mod_security2
     
  4. duranduran

    duranduran Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    166
    I have the same problem. How can i disable mod_secure for one single domain ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. nat

    nat Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    210
    Likes Received:
    0
    Trophy Points:
    166
    Step 1: Create a directory

    Code:
    mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com
    Replace "username" with the domain's username

    Replace "domain.com" with the domain name




    Step 2: Add an include file for that domain

    1. Run:

    Code:
    nano /usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security2.conf
    Replace "username" with the domain's username

    Replace "domain.com" with the domain name


    2. Add the following code to mod_security2.conf:

    Code:
    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    3. Save and Exit nano




    Step 3: Run the following to add that include file for that particluar domain to httpd.conf

    Code:
    /scripts/ensure_vhost_includes --user=username
    Replace "username" with the domain's username




    Step 4: If step 3 doesn't restart apache, restart apache.

    Run:

    Code:
    /sbin/service httpd restart
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice