You can find answers to the questions of What is Mod Security and How to Turn off Mod Security via cPanel in our content. Mod Security is an open source security software used on almost every server. It should be noted at the outset that turning off Mod_Sec can cause various security issues.
What is Mod Security?
ModSecurity is a Firewall used to increase the security of web applications (such as PHP, ASP). ModSec is a software that contains a set of rules that are generally used to scan HTTP requests and the responses resulting from these requests, and to identify potential threats while scanning.
- SQL injections
- XSS (Cross-Site Scripting) attacks
- session hijacking
- It was developed to protect the web application against HTTP metadata attacks.
Widely used on Apache-based servers, ModSecurity is also adaptable to other servers because it is open source. It is powered by OWASP (Open Web Application Security Project) and is currently being developed. This makes ModSecurity one of the most preferred reasons.
What are the Advantages of Mod Security?
- Open source: ModSecurity is an open source project and allows users to configure it according to their specific needs. It can also be applied to software other than Apache.
- Scanning HTTP requests and responses: ModSecurity is designed to scan HTTP requests and responses and includes a set of rules and analytical tools used to identify potential threats.
- Comprehensive protection: ModSecurity protects against SQL injections, XSS (Cross-Site Scripting) attacks, session hijacking, HTTP metadata attacks and many more dangerous web application attacks.
To wrap up the issue; ModSecurity is doing very well in listening to HTTP traffic. ModSecurity closes this vulnerability because not all logs are listened to in Apache logs. It is frequently preferred by server administrators as it supports many different log analysis standards.
What Are the Disadvantages of Mod Security?
- High resource requirement: ModSecurity requires a large amount of resources to scan HTTP requests and responses and may need large servers for large web applications. This can cause various performance issues.
- Difficult to configure: Correct configuration of ModSecurity is time consuming and difficult as it must be done by a skilled security professional.
- Update and maintenance requirement: ModSecurity needs to be up to date and require regular maintenance, otherwise it may not be able to scan for current threats.
How to Turn off Mod Security? – cPanel
Mod Security is a firewall that can be easily turned off via cPanel. As we explained in the cPanel PHP Version Change content, after logging into cPanel, it is enough to search for “Mode” in the “Search Tools” section. Simply set the button to the “Off” position.
Do not forget to consult your Web Hosting company as this process is about security.
How to Turn off Mod Security? – htaccess
The second closing method is to write various code in the .htaccess file. First of all, if you are using WordPress, you should definitely make a backup.
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>
Simply add these codes to the .htaccess file. If the codes above did not turn off Mod Security, you can try the codes below.
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %REQUEST_FILENAME !-f RewriteCond %REQUEST_FILENAME !-d RewriteRule . /index.php [L] </IfModule>
You can use the codes below to turn off ModSecurity only on some URLs.
<IfModule mod_security.c> <If "%REQUEST_URI =~ m#/admin/#"> SecFilterEngine Off SecFilterScanPOST Off </If> </IfModule>
Mod Security Issues in WordPress
Especially in the last year, I had the opportunity to work with many different companies while setting up more than 400 SEO-focused WordPress Blog and Corporate sites. Rank Math’s “Breadcrumbs” function was disabled due to special Rule strings that some companies put in ModSecurity software.
Again, due to these special rule strings, any function could not be opened or closed in the Litespeed Cache plugin. If you encounter such problems, you can ask your company to specifically close this application.
Don’t forget to follow RedBraces.net for such content.