Mod_security is an Apache component that allows to secure your website from various attacks. It is used to prevent generally known exploits by use of frequent expression and rule sets and is allowed on all web servers by default.
[wpfmb type=’info’ theme=2]you want to configure Mod-Security on your server, you may check here: configure mod_security 2 on Linux server[/wpfmb]
Mod_Security can possibly prevent common code injection attacks which fortifies the protection of the server. If you need to turn off the mod_security rules, please do the following steps:
The mod security configuration file is:
For disabling it for a domain, first we need to open the configuration file and add the following line to conf file:
After that you need to edit the file and add the following lines to the file:
SecRule SERVER_NAME “domain.com” phase:1,nolog,allow,ctl:ruleEngine=off SecRule SERVER_NAME “example.com” phase:1,nolog,allow,ctl:ruleEngine=off
Don’t forget to replace the domain name field with your domain name.
Now save the file and restart Apache.
service httpd restart