Mod_security is an Apache component that allows to secure your website from various attacks. It is used to prevent generally known exploits by use of frequent expression and rule sets and is allowed on all web servers by default.
Mod_Security can possibly prevent common code injection attacks which fortifies the protection of the server. If you need to turn off the mod_security rules, please do the following steps:
The mod security configuration file is:
/usr/local/apache/conf/modsec2.user.conf
For disabling it for a domain, first we need to open the configuration file and add the following line to conf file:
/usr/local/apache/conf/modsec2.whitelist.conf
After that you need to edit the file and add the following lines to the file:
SecRule SERVER_NAME “domain.com” phase:1,nolog,allow,ctl:ruleEngine=off SecRule SERVER_NAME “example.com” phase:1,nolog,allow,ctl:ruleEngine=off
Don’t forget to replace the domain name field with your domain name.
Now save the file and restart Apache.
service httpd restart