InMotion Hosting Support Center

In this article I'm going to discuss how to find and disable specific ModSecurity rules that might be causing 406 errors on your websites on either your VPS (Virtual Private Server) or dedicated server. The rules that ModSecurity uses can help block potential attack attempts from malicious users, but sometimes it can also block legitimate requests, and knowing how to go in and find what rules are getting triggered and how to disable them can be handy.

This article is going to assume that you already know how to enable a ModSecurity configuration file for your domain which is discussed in my previous article about how to disable ModSecurity for a domain. However when you get to the part talking about using SecRuleEngine Off you won't want to put that in your ModSecurity configuration file. As that completely turns off ModSecurity, in this article we'll discuss using the SecRuleRemoveById setting instead to only disable one specific rule.

In order to follow along with this guide you'll need root access to either your VPS or dedicated server so that you have full access to modify your Apache configuration, and to create the ModSecurity configuration file.

Find ModSecurity rules getting triggered

Following the steps below I'll show you how you can use the Apache error log in order to determine what ModSecurity errors are being triggered on your websites.

  1. Login to your server via SSH as the root user.
  2. Run the following command to determine what ModSecurity rules are being triggered:

    grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n

    This will give you something back like this:

    129 990011 /feed/
    4668 950004 /wp-content/themes/drone/jquery.cookie.js
    29070 950004 /wp-content/themes/drone/jquery.cookie.js

    So we can see that the ModSecurity rule ID 950004 has been triggered at least 33,738 between and when trying to request the /wp-content/themes/drone/jquery.cookie.js file.

  3. In order to disable just the specific ModSecurity rule for the 95004 rule, run the following command:

    echo "SecRuleRemoveById 950004" >> /usr/local/apache/conf/userdata/std/2/userna5/

    Note that when we use >> this is going to append the rule to our ModSecurity configuration file, so we don't overwrite any previous rules we've allowed as well. If you don't already have your ModSecurity configuration file included in your Apache configuration, be sure to follow my guide on how to enable ModSecurity include and create a configuration file which covers this.

    It's also important to remember you can't have the SecRuleEngine Off rule still in your ModSecurity configuration file if you're just disabling specific rules, as it will completely turn off ModSecurity.

You should now know how to locate what ModSecurity rules are being triggered, and how to indivdually disable those specific rules to stop triggering 406 ModSecurity errors on your website.

Support Center Login

Social Media Login

Social Login Joomla

Related Questions

Here are a few questions related to this article that our customers have asked:
Are the IMH modsecurity rules compliant with apache 2.4.6?
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-02-28 8:58 pm

Hi I have a setup with modsec but it wot disable rules that I need to disable to allow directory listing (Indexes). Come across this before?

This is in my /etc/modsecurity/modsecurity.conf file

SecRuleRemoveById 970011SecRuleRemoveById 971200SecRuleRemoveById 971201SecRuleRemoveById 971202

26,980 Points
2014-02-28 9:35 pm
Hello Anon,

Since I can't see your account, I am unable to determine if you have the permission to change the Modsec rule - you would need to have root access. If you're finding that you are unable to make the changes, make sure that the file permissions allow you to change it, if you're still having the problem, then contact our technical support team through email/phone/chat.

The technical support team may need to make the change for you, if you have a hosting account with us.

Arnel C.
n/a Points
2014-04-07 4:55 am

I have problem with this on my site can you halp me with that? :-( For me it realy sounds like chinese:-(

18,924 Points
2014-04-07 12:47 pm
Hello Martina,

Thank you for contacting us. Since your website seems to be hosted with Network Solutions we do not have access to your server.

We are still happy to help you, but will need more information. What are you trying to accomplish?

Are you having problems, or getting errors? Can you provide the errors?

If you have any further questions, feel free to post them below.
Thank you,

30,216 Points
2014-04-07 12:47 pm
Hello Martina,

We are happy to help. At what part of the process are you getting stuck? Be sure you have root access in order to begin.

Kindest Regards,
Scott M
n/a Points
2014-10-05 1:10 am

We have issues when ModSec Rule is enabled and get a 406 error for the User Agent Header. This occures after users pay for items using the SIM payment method and are then re-routed or relayed back to the website. I would like to just disable that rule for the USer Agent Header request. Where can I find that rule number? Also, would enabling Mod_Rewrite in my CMS configuration help at all?

30,216 Points
2014-10-06 8:48 am
Hello James,

Following Jacob's instructions above should help you identify and disable the specific rule. Mod_rewrite is enabled by default on the servers, but it is enabled by the htaccess file usually as well by calling 'RewriteEngine On'.

Kindest Regards,
Scott M
n/a Points
2015-04-06 2:49 am

I want to allow request arguements "request.ui_dispatch_app and request.ui_dispatch_view" from "" From other domain this should not allow and arguements other than these 2 like "request.something" from any domain including "" should not allow in modsecurity. How to achieve this ?

26,980 Points
2015-04-06 3:14 pm
Hello Yogesh Patel,

If you're trying to change the mod security rules that apply to your websites, you will need to have root access to the account, and knowledge of how to change the rules. Otherwise, you will need to submit a request to technical support explaining what you are trying to accomplish. Bear in mind that changing the mod security rules may not be possible if you are on a shared server.

I hope this helps to answer your question, please let us know if you require any further assistance.

Arnel C.

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

9 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!