{"id":564,"date":"2013-02-08T20:46:54","date_gmt":"2013-02-09T01:46:54","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/2013\/02\/08\/disable-modsecurity-for-a-domain\/"},"modified":"2021-08-16T23:21:37","modified_gmt":"2021-08-17T03:21:37","slug":"disable-modsecurity-for-a-domain","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/","title":{"rendered":"Disable ModSecurity for a domain"},"content":{"rendered":"

In this article I’ll show you how you can disable ModSecurity for a domain on your VPS (Virtual Private Server) or dedicated server. ModSecurity is used to block certain types of web requests that can help prevent you from possible attacks. However certain times a legitmate request could be getting blocked by ModSecurity, so knowing how to disable it is good knowledge.<\/p>\n

If you’re on a shared server and experiencing problem with 406 errors caused by ModSecurity you can follow my guide on how to disable ModSecurity via cPanel Modsec Manager<\/a>.<\/p>\n

In order to follow along with this guide, you’ll need to have root access<\/a> to your VPS or dedicated server so that you can create the required ModSecurity file on the server, and modify the Apache configuration file.<\/p>\n

Enable ModSecurity include in httpd.conf<\/h2>\n

Following the steps below I’ll walk you through how to modify your Apache httpd.conf<\/strong> configuration file so that you can include a ModSecurity rules file for the domain you’d like to disable ModSecurity for.<\/p>\n

    \n
  1. Login to your server via SSH<\/a> as the root user.<\/li>\n
  2. Make a backup of your Apache configuration with the following command: cp -frp \/usr\/local\/apache\/conf\/httpd.conf{,-BAK}<\/code><\/li>\n
  3. Edit your Apache httpd.conf<\/strong> file with the vim<\/strong> editor with this command: vim \/usr\/local\/apache\/conf\/httpd.conf<\/code><\/li>\n
  4. Once in vim<\/strong> you can type in a forward slash \/<\/strong> to enter search mode, you can then enter in the name of the domain you’d like to disable ModSecurity for and hit Enter<\/strong> to be dropped to that line.You should be at a <VirtualHost<\/strong> entry that looks something like this:
    \n<VirtualHost 123.123.123.123:80>
    \nServerName example.com
    \nServerAlias www.example.com
    \nDocumentRoot \/home\/userna5\/public_html
    \nServerAdmin webmaster@example.com
    \nUseCanonicalName Off
    \nCustomLog \/usr\/local\/apache\/domlogs\/example.com combined
    \nCustomLog \/usr\/local\/apache\/domlogs\/example.com-bytes_log \"%{%s}t %I .n%{%s}t %O .\"
    \n## User userna5 # Needed for Cpanel::ApacheConf
    \n<IfModule mod_suphp.c>
    \nsuPHP_UserGroup userna5 userna5
    \n<\/IfModule>
    \n<IfModule !mod_disable_suexec.c>
    \n<IfModule !mod_ruid2.c>
    \nSuexecUserGroup userna5 userna5
    \n<\/IfModule>
    \n<\/IfModule>
    \n<IfModule mod_ruid2.c>
    \nRUidGid userna5 userna5
    \n<\/IfModule>
    \nScriptAlias \/cgi-bin\/ \/home\/userna5\/public_html\/cgi-bin\/
    \n# To customize this VirtualHost use an include file at the following location
    \n# Include \"\/usr\/local\/apache\/conf\/userdata\/std\/2\/userna5\/example.com\/*.conf\"<\/strong>
    \n<\/VirtualHost>
    \n<\/code><\/p>\n

    You’ll want to un-comment the Include<\/strong> line by removing the pound #<\/strong> symbol from the beginning of the line at the bottom. You can do this by navigating with the arrow keys till your cursor is over the #<\/strong> symbol, then just hit Delete<\/strong> on your keyboard:
    \n#<\/strong> Include \"\/usr\/local\/apache\/conf\/userdata\/std\/2\/userna5\/example.com\/*.conf\"<\/code>
    \nSo it should end up looking like this:
    \nInclude \"\/usr\/local\/apache\/conf\/userdata\/std\/2\/userna5\/example.com\/*.conf\"<\/code>
    \nNow to save the file, simply hold down Shift<\/strong> and hit ZZ<\/strong> on the keyboard, you should get this confirmation:
    \n\"\/usr\/local\/apache\/conf\/httpd.conf\" 785L, 30554C written<\/code><\/li>\n

  5. Finally run the cPanel Apache configuration distiller, to ensure your includes remain after future cPanel updates:
    \n\/usr\/local\/cpanel\/bin\/apache_conf_distiller --update<\/code>
    \nAfter running that you should get back:
    \n info [apache_conf_distiller] 'local' datastore in use (\/var\/cpanel\/conf\/apache\/local)
    \nDistilled successfully<\/code><\/li>\n<\/ol>\n

    Create ModSecurity configuration file<\/h2>\n

    Now that you’ve setup Apache to include a ModSecurity configuration file, you’ll next want to create the appropriate directory and file that it’s trying to load. Following the steps below I’ll show you how to accomplish this.<\/p>\n

      \n
    1. Run the following command to create the directory where we’ll be placing our ModSecurity configuration file:
      \nmkdir -p \/usr\/local\/apache\/conf\/userdata\/std\/2\/userna5\/example.com\/<\/code><\/li>\n
    2. Next use the following rule to create a ModSecurity configuration file with the SecRuleEngine<\/strong> option set to Off<\/strong> which disables ModSecurity completely for the domain:
      \necho \"SecRuleEngine Off\" > \/usr\/local\/apache\/conf\/userdata\/std\/2\/userna5\/example.com\/modsec.conf<\/code><\/li>\n
    3. Finally to make the new ModSecurity configuration file active, you need to restart the Apache service gracefully with the following command:
      \nservice httpd graceful<\/code>
      \nNow that Apache has been gracefully restarted the new ModSecurity configuration settings should be getting loaded, and in this case ModSecurity is completely disabled for our example.com<\/strong> domain now.<\/li>\n<\/ol>\n

      You should now understand how to completely disable ModSecurity for a domain on your VPS or dedicated server. If you wanted to leave ModSecurity enabled, but only wanted to disable certain ModSecurity rules that are getting triggered, then you can read my guide on how to find and disable specific ModSecurity rules<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

      In this article I’ll show you how you can disable ModSecurity for a domain on your VPS (Virtual Private Server) or dedicated server. ModSecurity is used to block certain types of web requests that can help prevent you from possible attacks. However certain times a legitmate request could be getting blocked by ModSecurity, so knowing Read More ><\/a><\/p>\n","protected":false},"author":57014,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6,4299],"tags":[],"class_list":["post-564","post","type-post","status-publish","format-standard","hentry","category-domain-names","category-security"],"acf":[],"yoast_head":"\nDisable ModSecurity for a domain | InMotion Hosting<\/title>\n<meta name=\"description\" content=\"In this article I'll show you how you can disable ModSecurity for a domain on your VPS (Virtual Private Server) or dedicated server. ModSecurity is used to block certain types of web requests that can help prevent you from possible attacks. However certain times a legitmate request could be getting blocked by ModSecurity, so knowing how to disable it is good knowledge.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Disable ModSecurity for a domain | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"In this article I'll show you how you can disable ModSecurity for a domain on your VPS (Virtual Private Server) or dedicated server. ModSecurity is used to block certain types of web requests that can help prevent you from possible attacks. However certain times a legitmate request could be getting blocked by ModSecurity, so knowing how to disable it is good knowledge.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-02-09T01:46:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-17T03:21:37+00:00\" \/>\n<meta name=\"author\" content=\"InMotion Hosting Contributor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting Contributor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/\"},\"author\":{\"name\":\"InMotion Hosting Contributor\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\"},\"headline\":\"Disable ModSecurity for a domain\",\"datePublished\":\"2013-02-09T01:46:54+00:00\",\"dateModified\":\"2021-08-17T03:21:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/\"},\"wordCount\":556,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"articleSection\":[\"Domain Names\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/\",\"name\":\"Disable ModSecurity for a domain | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"datePublished\":\"2013-02-09T01:46:54+00:00\",\"dateModified\":\"2021-08-17T03:21:37+00:00\",\"description\":\"In this article I'll show you how you can disable ModSecurity for a domain on your VPS (Virtual Private Server) or dedicated server. ModSecurity is used to block certain types of web requests that can help prevent you from possible attacks. However certain times a legitmate request could be getting blocked by ModSecurity, so knowing how to disable it is good knowledge.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Disable ModSecurity for a domain\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support & Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\",\"name\":\"InMotion Hosting Contributor\",\"description\":\"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/inmotion-hosting\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting\"],\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Disable ModSecurity for a domain | InMotion Hosting","description":"In this article I'll show you how you can disable ModSecurity for a domain on your VPS (Virtual Private Server) or dedicated server. ModSecurity is used to block certain types of web requests that can help prevent you from possible attacks. However certain times a legitmate request could be getting blocked by ModSecurity, so knowing how to disable it is good knowledge.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/","og_locale":"en_US","og_type":"article","og_title":"Disable ModSecurity for a domain | InMotion Hosting","og_description":"In this article I'll show you how you can disable ModSecurity for a domain on your VPS (Virtual Private Server) or dedicated server. ModSecurity is used to block certain types of web requests that can help prevent you from possible attacks. However certain times a legitmate request could be getting blocked by ModSecurity, so knowing how to disable it is good knowledge.","og_url":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2013-02-09T01:46:54+00:00","article_modified_time":"2021-08-17T03:21:37+00:00","author":"InMotion Hosting Contributor","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"InMotion Hosting Contributor","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/"},"author":{"name":"InMotion Hosting Contributor","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644"},"headline":"Disable ModSecurity for a domain","datePublished":"2013-02-09T01:46:54+00:00","dateModified":"2021-08-17T03:21:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/"},"wordCount":556,"commentCount":2,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"articleSection":["Domain Names","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/","url":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/","name":"Disable ModSecurity for a domain | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"datePublished":"2013-02-09T01:46:54+00:00","dateModified":"2021-08-17T03:21:37+00:00","description":"In this article I'll show you how you can disable ModSecurity for a domain on your VPS (Virtual Private Server) or dedicated server. ModSecurity is used to block certain types of web requests that can help prevent you from possible attacks. However certain times a legitmate request could be getting blocked by ModSecurity, so knowing how to disable it is good knowledge.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/domain-names\/disable-modsecurity-for-a-domain\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"Disable ModSecurity for a domain"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support & Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644","name":"InMotion Hosting Contributor","description":"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!","sameAs":["https:\/\/www.linkedin.com\/company\/inmotion-hosting\/","https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":null,"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57014"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=564"}],"version-history":[{"count":4,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/564\/revisions"}],"predecessor-version":[{"id":84968,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/564\/revisions\/84968"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}