Disable ModSecurity for a domain

Are you trying to disable Mod_Security for a specific domain? 

This guide is for you.

ModSecurity (aka mod_security, security2_module, or modsec) is an apache module designed to work similarly to a Web Application Firewall, to help protect websites from certain types of attacks.

It basically secures the web servers from attacks.

But, misconfigured rules can even affect the overall functioning of the website.

Here at Ibmi Media, as part of our Server management Services, we regularly help our Customers to perform Mod_Security related queries.

In this context, we shall look into how to disable Mod_Security for a specific domain.

How to disable Mod_Security rules for a specific domain?

Basically, the cPanel/WHM doesn't provide an option to exclude mod_security rules for a domain.

Recently, we came across a customer who requested to disable Mod_Security for his specific domain. 

Not a server-wide impact but only to a specific domain.

Now, Let us see the steps they employed in order to disable Mod_Security for his specific domain.

1. Disabling Mod_Security using plugin

In order to disable it, first, we install 'ConfigServer Modsecurity Control' plugin on the server.

One of the major advantages of using this plugin is an option to disable the rules by specifying the directory for the domain.

This is helpful since it disables Mod_Security for a specific domain rather than a server-wide change.

2. ConfigServer Mod_Security Control

Login to WHM >> Plugins >> ConfigServer Mod_Security Control

We can disable the rules that are blocking access to the domain using this Plugin.

The steps we follow are as follows:

i. Select the user/domain in the Plugin.

ii. Then, click ‘Modify user whitelist’.

iii. Lastly, add the rules to it.

The most important step was to check if the local IP address of the customer was blocked in the server firewall​.

Thus we disabled the Mod_Security rule for a specific domain.

[Need urgent assistance with Mod_Security rules? We are here for you. ]


This article will guide you on how to disable Mod_Security for a specific domain. Basically, ConfigServer #Modsecurity Control allows us to disable the #rules that are blocking access to a specific #domain.

1. Mod_security module helps to protect your website from various #attacks. 

2. ModSecurity is an open-source web-based firewall application (or #WAF) supported by different web servers: Apache, Nginx and IIS. The module is configured to protect web #applications from various attacks.

3. If mod-security is disabled on your account, your website will be at risk from vulnerabilities.

4. To disable modsecurity, all we need to do is remove/rename that file and restart apache. Remove the include line loading mod_security (or more likely mod_security2) from your Apache config.