Home / Security / How to Turn Off ModSecurity for a Site

How to Turn Off ModSecurity for a Site

Server racks
Question: My dedicated server is running ModSecurity, but one of the websites needs it turned off in order to operate correctly. How do I turn it off for just one site?

Answer: Before you proceed, keep in mind the reason you have ModSecurity installed in the first place. It is there to prevent security problems. Turning it off opens up that site and possibly even your server to attacks. The more practical approach would be to turn off certain features of ModSecurity to accommodate that site. By default, the restrictions are pretty stringent. You can ease some of them and still provide blanket security.

Nevertheless, if you insist on turning it off completely on a site, simply enter the following into an .htaccess file for ModSecurity 1:

<ifmodule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off

For ModSecurity 2, enter the following in the site’s virtual host section of the Apache configuration file:

<ifmodule mod_security2.c>
SecRuleEngine Off

Photo Source: Flickr

Check Also


Importance of web hosting to business

The world of business is very ruthless and unfair in some cases. It is a …