Windows vs Linux VPS Hosting – Key Differences and Benefits
VPS is well known as a virtual private server. VPS has a server-splitting process. Each…
An Apache module that helps to secure your website from several attacks is called Mod_security. Commonly known exploits blocked with mod_security by using regular expressions and rule sets. It helps in strengthening the security of your servers by potentially blocking common code injection attacks.
No doubt mod-security can be useful when properly configured but many hosting providers don’t do this job correctly leading to problems. The commonly faced problems include triggering of security protocols on standard actions which allowed, 403 or 404 errors, access denied errors, login issues, unable to modify categories and boards, or similar problems.
When a dynamic website coded there’s a possibility of users forgetting to write the code to help prevent hacks by doing things like validating input. Mod_security can help users who don’t have security checks enabled in their code.
http://www.webapp.com/login.php?username=admin'">DROP%20TABLE%20users--
The above code is a simple MySQL injection where visiting this will enable the database to DROP and delete the user’s table from the database. But if you have enabled mod_security on your server, it will block this from running or typically you might see a 404 error. Rules can be set up to check HTTP requests again and find whether the threat present.
You can recognize mod_security very easily. Any website that calls a string forbidden by a mod_security rule gives a 406 error instead of displaying the page.
If you are a Dedicated or VPS customer you can disable mod_security for the complete server too. For this, select “No Configuration” from WHM > Mod_security.
Note: Mod_security is an extra layer of security and if you disable/remove it your server exposed to potential risks.
Steps to Manually Disable Mod_Security on a Dedicated or VPS Server –
You might need to disable mod_security for some applications to help them function correctly. This is fine and as the set_modsec tool is available only on shared servers, disabling mode_security for a single domain is a must.
mkdir -p /usr/local/apache/userdata/std/2/USER/DOMAIN.COM
echo "SecRuleEngine Off" > /usr/local/apache/userdata/std/2/USER/DOMAIN.COM/modsec.conf
service httpd restart
Below are the Steps to Disable Mod_Security Rules on Dedicated or VPS Servers
In order to disable individual mod_security rules on Dedicated or VPS servers use SecRuleRemoveById. Check the Apache error log (/usr/local/apache/logs/error_log) for finding the ID to disable. The domain that is having the problem can be grep and use Mod_security to find the problem –
grep domain.com /usr/local/apache/logs/error_log | grep ModSecurity
As a result, the output will include a section like [id “950004”], which represents the Mod_Security rule ID that you need to disable.
Next, open the applicable .htaccess file (replace the error of your matched error with the 950004 example used below)
SecRuleRemoveById 950004
Note: Including the SecRuleEngine Offline will completely disable Mod_Security.
Finally, save the file and restart Apache to ensure the changes take effect.
Explore more hosting insights, tips and industry updates.
VPS is well known as a virtual private server. VPS has a server-splitting process. Each…
In this article, we will help you to create a Reseller Account in Plesk. What…
If you’re using an iPhone to manage your email and notice that some folders (like…