Mod_security is an Apache module that helps protect your website from various attacks. It blocks commonly known exploits by matching requests against regular expressions and rule sets. Mod_security is enabled on all InMotion servers by default. It can block common code injection attacks, which strengthens the security of the server. If you need to disable mod_security, we can show you how and help you do so.

When coding a dynamic website, developers sometimes forget to write code that helps prevent hacks, such as input validation. Mod_security can help in some cases where a site does not have security checks in its code.

 

http://www.webapp.com/login.php?username=admin'">DROP%20TABLE%20users--

This is a simple SQL injection attempt: visiting this URL would cause the database to DROP (delete) the users table. If you are running mod_security on your server, it will block this request from running. Typically, you would see a 406 error in this case if mod_security is enabled. To read more about 406 errors, see our article on them. Mod_security works from rules that you set up: it checks each HTTP request against those rules to determine whether a threat is present.

Recognizing mod_security is pretty easy. Any request to a website that contains a string forbidden by a mod_security rule will return a 406 error instead of displaying the page. On our shared servers, if you would like to disable mod_security for one or all of your domains, this can be done using our Modsec manager plugin for cPanel.

If you'd like to simply disable a certain rule that is being triggered instead of disabling mod_security for the entire domain, please e-mail support@inmotionhosting.com to open a support ticket. If you send an email, for verification purposes please provide us with the original cPanel password, the current AMP password, or the last four digits of the current credit card on file.

If you are a VPS or Dedicated customer, you can disable mod_security for the entire server as well. This can be accomplished in WHM by selecting "No Configuration" from WHM > Mod Security. Please note that mod_security is enabled as an extra layer of security, and disabling it can expose you to potential risks.

Manually Disabling Mod_Security on a VPS or Dedicated Server

Some applications may require you to disable mod_security for them to function correctly. This is perfectly fine. Since the set_modsec tool is only available on shared servers, on a VPS or Dedicated server you will need to disable mod_security for a single domain manually:

  1. SSH into the server and open the httpd.conf file. Find the VirtualHost entry for that specific domain and uncomment the Include line that looks like this:

     Include "/usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM/*.conf"

     NOTE: This line tells Apache to include into the VirtualHost config ANY file in that directory ending in .conf. This is an advanced task, and if you are unfamiliar with the command line, we suggest you contact our support team for further assistance.

  2. Copy the directory path from the line you uncommented and create it with mkdir:

     mkdir -p /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM

  3. Insert the rule to turn off mod_security:

     echo "SecRuleEngine Off" > /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM/modsec.conf

  4. Restart Apache:

     service httpd restart

Disabling Specific Mod_Security Rules on VPS and Dedicated

Using SecRuleRemoveById, you can disable individual mod_security rules. To find the ID to disable, look in the Apache error log (/usr/local/apache/logs/error_log). You can grep for both the domain that is having the problem and ModSecurity to find the relevant entries:

grep domain.com /usr/local/apache/logs/error_log | grep ModSecurity

These lines will contain a section that looks like this: [id "950004"]. The number is the ID of the ModSecurity rule that you will disable. You can then enter the following line in an applicable .htaccess file (replacing the 950004 example used below with the ID from your matched error):

SecRuleRemoveById 950004

Note: Do NOT include the SecRuleEngine Off line, as this will totally disable ModSecurity.
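
The log lookup above can be narrowed so that only the rules that fired for one exact hostname are listed, with a count for each. The script below is an added example, not part of the original article or an InMotion tool; the function names and the sample log lines are constructed, and it assumes each ModSecurity log line carries [id "..."] and [hostname "..."] fields.

```shell
#!/bin/sh
# Added example: tally ModSecurity rule IDs for one hostname in an Apache error log.
# Assumption: ModSecurity lines carry [id "..."] and [hostname "..."] fields.

# modsec_rule_ids LOGFILE HOSTNAME
# Prints "COUNT ID" for each rule that fired for HOSTNAME, most frequent first.
modsec_rule_ids() {
  awk -v host="$2" '
    # Exact hostname field match, so subdomains and referers are not counted.
    index($0, "ModSecurity") && index($0, "[hostname \"" host "\"]") {
      # Pull the digits out of the [id "NNNNNN"] field.
      if (match($0, /\[id "[0-9]+"\]/)) {
        count[substr($0, RSTART + 5, RLENGTH - 7)]++
      }
    }
    END { for (id in count) print count[id], id }
  ' "$1" | sort -k1,1nr -k2,2n
}

# modsec_exclusions LOGFILE HOSTNAME
# Prints one SecRuleRemoveById line per rule ID seen, for review before use.
modsec_exclusions() {
  modsec_rule_ids "$1" "$2" | awk '{ print "SecRuleRemoveById " $2 }'
}

# Constructed sample log lines (not real traffic; all IDs except 950004 are made up).
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[Tue Jul 30 09:41:12 2013] [error] [client 203.0.113.7] ModSecurity: Access denied with code 406 (phase 2). [id "950004"] [msg "constructed sample"] [hostname "domain.com"] [uri "/search.php"]
[Tue Jul 30 09:41:15 2013] [error] [client 203.0.113.7] ModSecurity: Access denied with code 406 (phase 2). [id "950004"] [msg "constructed sample"] [hostname "domain.com"] [uri "/search.php"]
[Tue Jul 30 09:42:01 2013] [error] [client 198.51.100.4] ModSecurity: Access denied with code 406 (phase 2). [id "960015"] [msg "constructed sample"] [hostname "domain.com"] [uri "/api/feed"]
[Tue Jul 30 09:42:30 2013] [error] [client 198.51.100.9] ModSecurity: Access denied with code 406 (phase 2). [id "981173"] [msg "constructed sample"] [hostname "blog.domain.com"] [uri "/wp-admin/"]
[Tue Jul 30 09:43:02 2013] [error] [client 198.51.100.9] File does not exist: /home/USERNAME/public_html/favicon.ico, referer: http://domain.com/
EOF

modsec_rule_ids "$SAMPLE_LOG" domain.com
modsec_exclusions "$SAMPLE_LOG" domain.com
```

A plain grep for domain.com would also match the blog.domain.com entry and the referer line; matching on the hostname field keeps the exclusion list limited to rules that actually fired for the domain in question.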

2013-07-30 9:43 am
This is all well and good, however on our dedicated server that icon does not exist.
Also you should see the InMotion article telling us of the IMPORTANCE of mod_security and its role.
On our dedicated server mod_security has a known issue that causes 406 errors, and despite over a month of trying to get this resolved we have yet to receive a solution.
Staff
2013-07-30 10:01 am
Hello Datalynk,

Thank you for your comment. We are happy to help you troubleshoot the issue that is causing 406 errors, but I would need more information, such as the domain name.

As explained in this article, the button for disabling mod_sec is only available for Shared Servers:
"On our shared servers if you would like to disable mod_security for one or all of your domains, this can be done using our Modsec manager plugin for cPanel."

On VPS and Dedicated servers, you have a higher level of access, so you can modify/disable specific mod_sec rules via SSH or completely disable it in WHM as suggested in the article:
"If you are a VPS or Dedicated customer you can disable mod_security for the entire server as well. This can be accomplished in WHM by selecting "No Configuration" from WHM >Mod Security. "

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul
