Tips: How to disable mod_security2 rules on CPANEL/WHM for any domain.

Just create a directory:

# mkdir -p /usr/local/apache/conf/userdata/(std|ssl)/2/yourusername/yourmaindomain.com

Then create a file:

# touch /usr/local/apache/conf/userdata/(std|ssl)/2/yourusername/yourmaindomain.com/mod_security.conf

In that file add:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

Then run:

/scripts/verify_vhost_includes
/scripts/ensure_vhost_includes --user=username
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart

On global level:

The only way to bypass mod_security2 in Apache 2 is to manually edit httpd.conf. However, as cPanel autogenerates this, one must directly edit the httpd template files that cPanel uses to generate the httpd.conf. Namely, in /var/cpanel/templates/apache2/vhost.default . Add the following line before the </VirtualHost> closing tag: 

[%- IF vhost.servername == 'domain.com' || vhost.servername == 'domain2.com' %]
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
[% END -%]

FYI: http://www.configserver.com/cp/cmc.html

You May Also Like

  1. Tips: Custom Configurations of httpd.conf on WHM/CPANEL server

    04/03/2014

  2. WHM & Cpanel : ssl cert + 500 internal server error

    14/01/2013

  3. WHM & Cpanel : where search logs messages of all services

    10/01/2013
Scroll to top