How to Disable a Specific Rule for Mod security on a Single Domain

From Acenet Knowledgebase
Jump to navigation Jump to search

This article pertains specifically to Dedicated Servers and Virtual Servers. The apache configuration file and the associated Include file are not accessible to shared hosting customers. If you are encountering a 406 error on your site and you own a shared hosting account, Acenet staff will need to perform these steps. If you are the administrator of a Virtual or Dedicated server, you can follow this article to disable a specific mod_security rule for one of your domains.

This guide assumes Apache 2.x is running on your server. 

[1] Open the Apache config file via SSH with your favorite text editor:

/usr/local/apache/conf/httpd.conf

[2] Locate the VirtualHost entry for the domain you wish to disable the mod_security rule on.

[3] Near the end of the the user's VirtualHost entry, you'll see something like:

<syntaxhighlight lang="bash"># To customize this VirtualHost use an include file at the following location Include "/usr/local/apache/conf/userdata/std/2/<USERNAME>/<DOMAIN>/*.conf" </syntaxhighlight>

Note the path that is listed there. If you don't see this line near the end of the VirtualHost entry, create it. As long as it's created in the same format noted above, it will persist between Apache config rebuilds. Note that the domain <DOMAIN> must match the domain present within that VirtualHost entry and <USERNAME> must match the username.

[4] Create the *.conf file and any necessary folders in the path noted in step 3.

[5] Open the *.conf and add in these directives:

<syntaxhighlight lang="bash"> <IfModule mod_security2.c>

SecRuleRemoveById ######

</IfModule> </syntaxhighlight>

Replace ###### with the actual Rule number

This will disable a specific mod_security rule and allow our modifications to persist between httpd.conf rebuilds.

[6] Restart Apache <syntaxhighlight lang="bash">service httpd graceful</syntaxhighlight>

You should now be able to visit the domain for which you disabled this rule without a 406 error being thrown.