Tips: How to disable mod_security2 rules on CPANEL/WHM for any domain.

Just create a directory:

# mkdir -p /usr/local/apache/conf/userdata/(std|ssl)/2/yourusername/

Then create a file:

# touch /usr/local/apache/conf/userdata/(std|ssl)/2/yourusername/

In that file add:

<IfModule mod_security2.c>
SecRuleEngine Off

Then run:

/scripts/ensure_vhost_includes --user=username
/etc/init.d/httpd restart

On global level:

The only way to bypass mod_security2 in Apache 2 is to manually edit httpd.conf. However, as cPanel autogenerates this, one must directly edit the httpd template files that cPanel uses to generate the httpd.conf. Namely, in /var/cpanel/templates/apache2/vhost.default . Add the following line before the </VirtualHost> closing tag:

[%- IF vhost.servername == '' || vhost.servername == '' %]
<IfModule mod_security2.c>
SecRuleEngine Off
[% END -%]


Scroll to top