ModSecurity is an open source, cross-platform Apache module often referred to as the “Swiss Army Knife” of web application firewalls. It helps to protect your website from various attacks and strengthens the security of your server. However, being from the Swiss Army, it tends to be overly protective. If ModSecurity is misconfigured, it can cause your website to return various errors such as HTTP 403 forbidden errors, access denied errors and login problems. In this scenario, you need to either disable certain ModSecurity rules or even disable ModSecurity altogether. Please note, ModSecurity is enabled as an extra layer of security and removing it can expose your website to potential risks. So be sure that your website will still be protected without ModSecurity.

How to identify and disable problematic ModSecurity rules on VPS and dedicated servers

ModSecurity uses rules that, for the most part, protect your website from hacker attacks. However, sometimes these rules do unfortunately block legitimate requests. You need to know how to identify these rules and disable them so your website can function optimally. You can disable individual ModSecurity rules by using the SecRuleRemoveById setting. Here’s how:

  1. Log in to your server via SSH as the root user.
  2. Find the ID of the rule you want to disable. To do this, look in the Apache error log:
     • /usr/local/apache/logs/error_log
  3. You can also grep for the domain where the problem lies (replace DOMAIN.COM with your own domain):
     • grep DOMAIN.COM /usr/local/apache/logs/error_log | grep ModSecurity
  4. The lines you are then shown will provide you with the ID of the rule you want to disable. It will show as:
     • [id "950004"]
  5. To disable this rule, simply enter the following line (make sure you replace our 950004 example with the ID of your error):
     • SecRuleRemoveById 950004

Make sure you don’t enter the SecRuleEngine Off line. This will cause ModSecurity to be totally disabled.
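To see which rule IDs are firing for one site before removing any of them, the grep step above can be extended into a per-rule summary. This is an added example, not part of the original article: the function names modsec_rule_hits and sample_log are hypothetical, the log lines are constructed, and it assumes the [hostname "..."] and [uri "..."] fields that ModSecurity 2.x writes to the Apache error log.

```shell
#!/bin/sh
# Added example: count ModSecurity denials per rule ID and URI for one hostname.
# Usage: modsec_rule_hits DOMAIN [LOGFILE]   (reads stdin when LOGFILE is omitted)
modsec_rule_hits() {
    # Fixed-string match on the [hostname "..."] field, so "example.com" does not
    # also match "shop.example.com" and dots are not treated as regex wildcards.
    cat -- "${2:--}" \
      | grep -F 'ModSecurity' \
      | grep -F "[hostname \"$1\"]" \
      | awk '
          {
              id = "-"; uri = "-"
              # Pull the value out of [id "..."] and [uri "..."] when present.
              if (match($0, /\[id "[0-9]+"\]/))  id  = substr($0, RSTART + 5, RLENGTH - 7)
              if (match($0, /\[uri "[^"]*"\]/)) uri = substr($0, RSTART + 6, RLENGTH - 8)
              hits[id " " uri]++
          }
          END { for (k in hits) print hits[k], k }' \
      | sort -k1,1nr -k2,2
}

# Constructed sample lines in the error_log layout (not real traffic).
sample_log() {
    cat <<'EOF'
[Tue Mar 05 10:01:02 2024] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "950004"] [msg "constructed"] [hostname "example.com"] [uri "/wp-login.php"]
[Tue Mar 05 10:01:09 2024] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "950004"] [msg "constructed"] [hostname "example.com"] [uri "/wp-login.php"]
[Tue Mar 05 10:02:30 2024] [error] [client 198.51.100.4] ModSecurity: Access denied with code 403 (phase 2). [id "999001"] [msg "constructed"] [hostname "example.com"] [uri "/search"]
[Tue Mar 05 10:03:11 2024] [error] [client 198.51.100.4] ModSecurity: Access denied with code 403 (phase 2). [id "950004"] [msg "constructed"] [hostname "shop.example.com"] [uri "/cart"]
[Tue Mar 05 10:03:12 2024] [error] [client 198.51.100.4] File does not exist: /home/USER/public_html/favicon.ico
EOF
}

# Each output line is: hit count, rule ID, request URI.
sample_log | modsec_rule_hits example.com
```

On a real server, pass the log path as the second argument, and check the URIs listed for an ID before adding a SecRuleRemoveById line for it, so that only rules blocking legitimate requests are removed.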

How to disable ModSecurity on VPS and dedicated servers

In certain situations, ModSecurity can interfere heavily with the operation of websites and applications. It then becomes necessary to disable ModSecurity for them to function correctly. In that case, disable ModSecurity for the single affected domain. Here’s how you do it:

  1. Log in to your server via SSH as the root user.
  2. Open the httpd.conf file. Find the VirtualHost entry for that specific domain. Uncomment the following Include line (be sure to insert your own details):
     • Include "/usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM/*.conf"
     • The word “Include” instructs Apache to include any file ending in .conf from that directory.
  3. Copy the directory path from the line you uncommented and create it with mkdir:
     • mkdir -p /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM
  4. Turn off ModSecurity by inserting this rule:
     • echo "SecRuleEngine Off" > /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM/modsec.conf
  5. Restart Apache:
     • service httpd restart

We hope this has helped you solve your ModSecurity problems. Stay safe out there.