This article provides you with information regarding why Mod_security application firewall is so important in both shared and VPS environments.



What is mod_security?

Apache (Your web server software) comes with a module called "mod_security" that protects your website from attackers that compromise your site through the web URL's. Code can be added to the end of your web URL that can contains SQL statements. This SQL statement can delete, insert data, or do other damages to your website when mod_security is disabled. A common URL injection looks like the following:

http://www.domain.com/index.php?username=admin'">DROP%20TABLE%20wp-users--

In this case, the database table called users will be deleted from the database with the DROP statement. Servers running mod_security will flag that URL as a Hack attempt and result in a 406 error.




How do I work around mod_security?


If you are getting 406 errors on your site due to mod_security you can do one of the following:


  • Remove the plugin / php code causing it and use a different plugin or php code.
  • Disable mod_security


How do I disable mod_security?


**Note: The Mod Security Manager in cPanel is not working currently. Please contact  our Support Center  if you need assistance disabling a mod security rule. We apologize for any inconvenience this may cause.



TIP: For more articles on cPanel please see our cPanel category. Alternatively should you wish to contact our Support Center please click here.