mod_security is a useful Apache module to protect your websites and web applications from malicious attacks and vulnerabilities. However, sometimes it can give you error messages, when your website is under development, or being updated. In such cases, it is advisable to disable mod_security in Apache, fix those issues, and re-enable the mod_security module. Let us look at how to disable mod_security in Apache using .htaccess.
How To Disable mod_security in Apache using .htaccess
Here are the steps to disable mod_security in Apache using .htaccess. Before you proceed, please ensure .htaccess (mod_rewrite) is enabled on your Apache server. Here’s how you can do it:
1. Open .htaccess file
Open .htaccess file using a text editor
$ sudo nano /var/www/html/.htaccess
2. Disable mod_security
Add the following lines to it.
<IfModule> SecFilterEngine Off SecFilterScanPOST Off </IfModule>
Save and close the file.
3. Restart Apache
Restart Apache to apply changes
$ sudo service apache2 restart
$ sudo systemctl restart httpd
- If your hosting provider has enabled mod_security for your website, please reach out to them before you disable it
- If you have cPanel installed for your website, try disabling mod_security via cPanel. It is a lot easier to disable/enable Apache modules via cPanel.