Wednesday, January 27, 2010

Howto: disable Mod Security for an account

How to Turn off Mod Security OR How to disable Mod Security for an account?

Mod_Security for an account is turned off/disabled on depending upon the version of Mod_Security i.e. it can be disabled in .htaccess file in modsecurity1 and have to disable it in VirtualHost entry of a domain in modsecurity2. Apache 1.x supports Mod Security1 and Apache 2.x supports Mod Securiry2. To find out the version of Apache, execute

httpd -v

Mod Security1:

Create a .htaccess file in an account

vi .htaccess

and insert the following:


SecFilterEngine Off
SecFilterScanPOST Off


Mod Security2:

You cannot disable mod security in a .htaccess file here (it’s setup this way to enhance security). You have to turn off mod security in the VirtualHost of the domain in the Apache configuration file. Edit the configuration file:

vi /etc/httpd/conf/httpd.conf

scroll down to the VirtualHost of the domain and place the following lines:


SecRuleEngine Off


Save the configuration file and restart the Apache service.

service httpd restart

No comments:

Post a Comment