Howto: disable Mod Security for an account

How to Turn off Mod Security OR How to disable Mod Security for an account?

Mod_Security for an account is turned off/disabled on depending upon the version of Mod_Security i.e. it can be disabled in .htaccess file in modsecurity1 and have to disable it in VirtualHost entry of a domain in modsecurity2. Apache 1.x supports Mod Security1 and Apache 2.x supports Mod Securiry2. To find out the version of Apache, execute

httpd -v

Mod Security1:

Create a .htaccess file in an account

vi .htaccess

and insert the following:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Mod Security2:

You cannot disable mod security in a .htaccess file here (it’s setup this way to enhance security). You have to turn off mod security in the VirtualHost of the domain in the Apache configuration file. Edit the configuration file:

vi /etc/httpd/conf/httpd.conf

scroll down to the VirtualHost of the domain and place the following lines:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

Save the configuration file and restart the Apache service.

service httpd restart

This entry was posted on Tuesday, December 1st, 2009 and is filed under Linux Administration. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.