ModSecurity is an open-source web application firewall (WAF) program that improves online application security and protects against a variety of cyber threats, including SQL injection and cross-site scripting, among others.
ModSecurity is turned on by default at Intek Host, and although it is recommended that you leave it enabled, there may be times when you need to deactivate it, such as to resolve compatibility problems with certain of your scripts, plugins, or widgets.
How to Disable Mod Security via .htaccess File
Disabling Mod Security through the .htaccess file is a straightforward process, often used to address compatibility issues with specific applications. The steps outlined below will guide you through the procedure.
Firstly, access to the website’s root directory via FTP or the StackPanel File Manager must be obtained. The .htaccess file should be located in this directory. If it is not visible, ensure that hidden files are being displayed.
Once the .htaccess file is located, it should be opened for editing. To disable Mod Security, the following lines of code must be added:
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>
After inserting this code, the .htaccess file should be saved and closed. These changes will effectively disable Mod Security for the website.
It is crucial to understand that while Mod Security is disabled, the website may be more vulnerable to certain types of attacks. Monitoring the site closely for any security issues is recommended.
By following these steps, Mod Security can be successfully disabled via the .htaccess file, ensuring compatibility with specific applications while maintaining vigilance regarding potential security risks.