hosting.com
Knowledge Base
Hosting Panel

Managing the ModSecurity module in cPanel

The ModSecurity module is enabled by default. However, you can disable it if necessary for testing or troubleshooting purposes. This article shows you how.

Suggest Edits

This article describes how to manage the ModSecurity (also referred to as "Modsec") module in cPanel.

About ModSecurity

ModSecurity is an Apache module that provides an extra layer of protection for your account. It provides HTTP request filtering and other capabilities to help detect and block attacks before they can reach an application.

By default, the ModSecurity module is enabled. However, there may be situations where you need to disable ModSecurity for testing or troubleshooting purposes. For example, it is possible an application may not function correctly when ModSecurity is enabled. To verify this, you can disable ModSecurity and see if the application works correctly.

🚧

Important

If you have an application that does not seem to work with ModSecurity, please open a support ticket at https://my.hosting.com so we can help you investigate further.

Managing ModSecurity

To manage the ModSecurity module for your account, follow these steps:

  1. Log in to cPanel.

    📘

    Note

    If you do not know how to log in to your cPanel account, please see this article.

  2. Open the ModSecurity tool:

  • If you are using the Jupiter theme, on the Tools page, in the Security section, click ModSecurity:
    cPanel - Security - ModSecurity icon

  • If you are using the Paper Lantern theme, in the SECURITY section of the cPanel home page, click ModSecurity:
    cPanel - Security - ModSecurity icon

  1. To disable ModSecurity, do one of the following:

  • To disable ModSecurity for all of your domains, under Configure All Domains, click Disable.

  • Alternatively, to disable ModSecurity for a specific domain, under Configure Individual Domains, locate the domain, and then click Off.

  1. To re-enable ModSecurity, do one of the following:

  • To enable ModSecurity for all of your domains, under Configure All Domains, click Enable.

  • Alternatively, to enable ModSecurity for a specific domain, under Configure Individual Domains, locate the domain, and then click On.

More Information

For more information about ModSecurity, please visit https://github.com/SpiderLabs/ModSecurity/wiki.

Updated 3 days ago