How To Disable mod_security in Apache using .htaccess


disable mod_security in apache using htaccess

mod_security is a useful Apache module to protect your websites and web applications from malicious attacks and vulnerabilities. However, sometimes it can give you error messages, when your website is under development, or being updated. In such cases, it is advisable to disable mod_security in Apache, fix those issues, and re-enable the mod_security module. Let us look at how to disable mod_security in Apache using .htaccess.

 

How To Disable mod_security in Apache using .htaccess

Here are the steps to disable mod_security in Apache using .htaccess. Before you proceed, please ensure .htaccess (mod_rewrite) is enabled on your Apache server. Here’s how you can do it:

  1. How to Enable mod_rewrite for Apache in Ubuntu
  2. How to Enable mod_rewrite for Apache in CentOS

 

1. Open .htaccess file

Open .htaccess file using a text editor


$ sudo nano /var/www/html/.htaccess

 

2. Disable mod_security

Add the following lines to it.

<IfModule>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

Save and close the file.

 

3. Restart Apache

Restart Apache to apply changes

Ubuntu/Debian:


$ sudo service apache2 restart

 

RHEL/CentOS/Fedora:


$ sudo systemctl restart httpd

 

Please note:

  1. If your hosting provider has enabled mod_security for your website, please reach out to them before you disable it
  2. If you have cPanel installed for your website, try disabling mod_security via cPanel. It is a lot easier to disable/enable Apache modules via cPanel.

 

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!