Disable Mod-security2 for a Domain in cPanel

First of all   we can’t block mod_security2 via .htaccess on domain basis . So never put .htaccess  mod-security rules. You have to disable it in the vhost configuration in apache.

In cpanel server  it  will be as  follows,

1) Create a custom vhost configuration file  called mod-security.conf in the following location.

# mkdir -pv  /usr/local/apache/conf/userdata/std/2/CPUSER/DOMAINNAME/
# touch  /usr/local/apache/conf/userdata/std/2/CPUSER/DOMAINNAME/mod-security.conf

2) Now add the following lines to this file

#################################
<IfModule mod_security2.c>

SecRuleEngine Off

</IfModule>
################################

The above will disable the modsecurity  rule for a particulr domain name . If you only need to disable the rules for a particlur folder , please add the  rules as follows,

######################
<LocationMatch specify_the_path_here>

  <IfModule mod_security2.c>

    SecRuleEngine Off

    </IfModule>

</LocationMatch>
#######################

If you only need to disable a particular rule , the create the file with the following ,

#########################3
<IfModule mod_security2.c>

SecRuleRemoveById give_ruleID_here

</IfModule>
##########################

3) Now as the final step please ensure this custom vhost using the following command in cpanel servers,

# /scripts/ensure_vhost_includes –user=CPUSERNAME

This script will uncomment the following line in apache configuration. It will customize the virtual host to use the particular include file and will restart apache.

##############
Include “/usr/local/apache/conf/userdata/std/2/CPUSER/DOMAINNAME/*.conf”
#################