How to Disable a Triggered ModSecurity Rule in WHM Server?

ModSecurity is an Apache module which will protect your website from attacks, which includes a set of rules that blocks some regular expressions to prevent your websites from hackers. Almost 70% of server attacks are now carried out over the web application level. Mod_security always filters the data on your website and prevent your website from hackers and it will help you to secure your server.

In order to disable the mod security rule on your cPanel server, you would need to install a plugin called “ConfigServer ModSecurity Control”. For more information on how to install that plugin, please refer our Knowledgebase article: Install ConfigServer ModSecurity Control in cPanel

Once you have installed that plugin, please see this tutorial to know how to disable a particular Mod Security rule in the server.

Initially, you would need to find the exact rule which is triggered on the server. In order to find that rule, you will need to follow the below steps:

1) Login to your server via SSH.

2) Run the following command to determine what ModSecurity rules are being triggered:

grep ModSecurity /usr/local/apache/logs/error_log | sed -e ‘s#^.*\[id “\([0-9]*\).*hostname “\([a-z0-9\-\_\.]*\)”\].*uri “#\1 \2 #’ | cut -d\” -f1 | sort -n | uniq -c | sort -n

The above command will help you to find which rule is being triggered on the server.

After finding the rule, then you would need to follow the steps mentioned below, in order to disable those rules on the server.