Are you trying to disable Mod_Security for a specific domain?
This guide is for you.
ModSecurity (aka mod_security, security2_module, or modsec) is an apache module designed to work similarly to a Web Application Firewall, to help protect websites from certain types of attacks.
It basically secures the web servers from attacks.
But, misconfigured rules can even affect the overall functioning of the website.
Here at Ibmi Media, as part of our Server management Services, we regularly help our Customers to perform Mod_Security related queries.
In this context, we shall look into how to disable Mod_Security for a specific domain.
How to disable Mod_Security rules for a specific domain?
Basically, the cPanel/WHM doesn't provide an option to exclude mod_security rules for a domain.
Recently, we came across a customer who requested to disable Mod_Security for his specific domain.
Not a server-wide impact but only to a specific domain.
Now, Let us see the steps they employed in order to disable Mod_Security for his specific domain.
1. Disabling Mod_Security using plugin
In order to disable it, first, we install 'ConfigServer Modsecurity Control' plugin on the server.
One of the major advantages of using this plugin is an option to disable the rules by specifying the directory for the domain.
This is helpful since it disables Mod_Security for a specific domain rather than a server-wide change.
2. ConfigServer Mod_Security Control
Login to WHM >> Plugins >> ConfigServer Mod_Security Control
We can disable the rules that are blocking access to the domain using this Plugin.
The steps we follow are as follows:
i. Select the user/domain in the Plugin.
ii. Then, click ‘Modify user whitelist’.
iii. Lastly, add the rules to it.
The most important step was to check if the local IP address of the customer was blocked in the server firewall.
Thus we disabled the Mod_Security rule for a specific domain.
