The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security nightmares

Discussion in 'Security' started by Pwnageservers, Jan 16, 2008.

  1. Pwnageservers

    Pwnageservers Registered

    Joined:
    Dec 20, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    mod_security is giving me 406 errors with /mail, /cpanel, and /whm. any ideas people?
    All help appreciated.
     
  2. AnilR

    AnilR Active Member

    Joined:
    Nov 24, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    If you are using Apache web server then mod_security can be disabled by adding following two lines within the .htaccess file in Apache web root directory like for cPanel in /home/user/public_html.
    If it does not exist then create a new file named .htaccess and add the code:


    SecFilterEngine Off
    SecFilterScanPOST Off

    But I would recommend you to remove and uninstall mod_security. You an just comment out or delete the related mod_security entries from httpd.conf Apache configuration file.
     
  3. nat

    nat Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    204
    Likes Received:
    0
    Trophy Points:
    16
    That no longer works with mod_security2
     
  4. duranduran

    duranduran Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    I have the same problem. How can i disable mod_secure for one single domain ?
     
  5. nat

    nat Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    204
    Likes Received:
    0
    Trophy Points:
    16
    Step 1: Create a directory

    Code:
    mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com
    Replace "username" with the domain's username

    Replace "domain.com" with the domain name




    Step 2: Add an include file for that domain

    1. Run:

    Code:
    nano /usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security2.conf
    Replace "username" with the domain's username

    Replace "domain.com" with the domain name


    2. Add the following code to mod_security2.conf:

    Code:
    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    3. Save and Exit nano




    Step 3: Run the following to add that include file for that particluar domain to httpd.conf

    Code:
    /scripts/ensure_vhost_includes --user=username
    Replace "username" with the domain's username




    Step 4: If step 3 doesn't restart apache, restart apache.

    Run:

    Code:
    /sbin/service httpd restart
     
Loading...

Share This Page