How to Turn off Mod Security OR How to disable Mod Security for an account?
Mod_Security for an account is turned off/disabled on depending upon the version of Mod_Security i.e. it can be disabled in .htaccess file in modsecurity1 and have to disable it in VirtualHost entry of a domain in modsecurity2. Apache 1.x supports Mod Security1 and Apache 2.x supports Mod Securiry2. To find out the version of Apache, execute
httpd -v
Mod Security1:
Create a .htaccess file in an account
vi .htaccess
and insert the following:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Mod Security2:
You cannot disable mod security in a .htaccess file here (it’s setup this way to enhance security). You have to turn off mod security in the VirtualHost of the domain in the Apache configuration file. Edit the configuration file:
vi /etc/httpd/conf/httpd.conf
scroll down to the VirtualHost of the domain and place the following lines:
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Save the configuration file and restart the Apache service.
service httpd restart
Comments are closed.