Mod_security is an open source web application firewall module for Apache. Apache 2.x uses mod_security2, while Apache 1.x uses mod_security1.
In Apache 1.x, to disable mod_security for a domain, all you need to do is add the following code to the .htaccess file:
SecFilterEngine Off
In Apache 2.x it is not possible to block mod_security via .htaccess.
On cPanel server the following steps can be use to disable mod_security for a single domain:
1. Create a directory, change domain.com to the actual domain:
mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com
2. Create the following file in the new directory:
vi vhost.conf
3. Add the following code to vhost.conf:
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
To disable mod_security for a particular location add the following to vhost.conf file:
<LocationMatch specify_the_path_here>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
To disable a mod_security rule:
<IfModule mod_security2.c>
SecRuleRemoveById give_ruleID_here
</IfModule>
4. After you apply the changed make sure to run:
/scripts/ensure_vhost_includes --user=username
The above script will uncomment the following line in Apache’s configuration:
Include "/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf"
This will customize the vhost to use the particular include file.