How to disable ModSecurity in Directadmin?

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,353
Points
63
My website script required to disable ModSecurity in Directadmin to make functions work exactly. How can I disable ModSecurity in Directadmin? if I disable this feature, does it affect to security of my web hosting or websites?
 

HostechSupport

Active member
Registered
Joined
Jan 19, 2013
Messages
68
Points
8
If you are using ModSecurity on your server with DirectAdmin, you sometimes need to disable mod_security on the server.

Default custombuild installation, mod_security rules installed in:

/etc/modsecurity.d/
Apache load’s ModSecurity modules and configuration in:

/etc/httpd/conf/extra/httpd-modsecurity.conf
Disable mod_security
Easiest way disable Modsecurity is disable apache to load ModSecurity module in https-modsecurity.conf file.

Add #comment’s to start LoadModule directive:

httpd-modsecurity.conf
LoadFile /usr/local/lib/libxml2.so
#LoadModule security2_module /usr/lib/apache/mod_security2.so
<ifmodule mod_security2.c>
# Default recommended configuration
SecRuleEngine On
SecRequestBodyAccess On
.
.
.
</ifmodule>
SecRuleEngine

Another method if you wanna keep ModSecurity module loaded to apache is change SecRuleEngine to Off

SecRuleEngine Off
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,353
Points
63
David Beroff
Thank you, I will try to check it out
what are to fill into. . . in these your codes?

# Default recommended configuration
SecRuleEngine On
SecRequestBodyAccess On
.
.
.
</ifmodule>
 

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Yes, disabling mod_security may affect security. That is the purpose of mod_security.

Though, if you keep all applications updated, you should be good.
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,353
Points
63
David Beroff
I got it but one of my website script required to disabled mod_security, maybe I need disabled it but I am afraid that it will affect to security of other websites on same server.
 

mariablassingame

New member
Registered
Joined
May 24, 2019
Messages
10
Points
3
Disabling ModSecurity for a VirtualHost
# Login right into DirectAdmin as admin,
# Most likely to "Add Personalized Httpd Arrangements" web page,
# Select a wish domain name.
# Area code in a textarea: |? SEC_RULE_ENGINE=OFF |
# as well as likewise preserve changes.
# wait a min or more and additionally see end results.
 

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
You can also have a WAF and route other website traffic through it.
 

harry_v

Active member
Registered
Hosting Provider
Joined
Dec 20, 2017
Messages
72
Points
8
My website script required to disable ModSecurity in Directadmin to make functions work exactly. How can I disable ModSecurity in Directadmin? if I disable this feature, does it affect to security of my web hosting or websites?

Hello David Beroff,

ModSecurity
or Modsec is a vital security software application required for server security. It is a web application that enables a firewall for your server. DirectAdmin's new ModSecurity feature enables users to skip some ModSecurity Rules and fully disable ModSecurity whenever required.

However, to make some functions work precisely for the admin, we may need to disable them temporarily. Therefore, below given are the steps to disable ModSecurity from the server via the DirectAdmin panel.

  • Firstly, log in to your DirectAdmin dashboard.
  • Then, scroll to the Advanced Features section and click on the ModSecurity logo.
You will see the ModSecurity dashboard, where you can manage the Status and view the Log.
  • Now open the Status & Disabled Rules tab.
  • Then, select the On or Off checkbox for SecRuleEngine to disable the ModSecurity tool.
  • Lastly, click the SAVE button.
  • Thus, it will generate a message displaying ModSecurity Rules Saved.

Disabling ModSecurity Rule ID via DirectAdmin:

  • Firstly, enter the Rule ID in the ID field of the Disabled Rules section.
  • Then, click the DISABLE RULE button.
A success message will arise at the bottom: 'Skipped rule added,' and the system will add the Rule ID in the list beneath the ModSecurity Disabled Rules section.
  • Now, select the textbox next to the Rule ID and click the Delete option to re-enable the disabled ModSecurity rule.
  • Finally, at the bottom of the screen, the system will flash a message "Selected skipped rules removed."
  • Also, the Rule ID will be removed from the list of ModSecurity Disabled Rules section.

I hope the information above helps you to disable the ModSecurity rule from the DirectAdmin panel.

------------------------
Regards,
harry_v
 

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top