Working with ModSecurity

All shared and reseller web hosting accounts come enabled with mod_security.  Mod_security is a "firewall" for your website and helps prevent people from compromising your website.  Please keep in mind that it's still required for you to keep your scripts up to date, mod_security will not block every hack attempts, only commonly used ones.  If you are seeing a "406 Error" that is related to a mod_security block.

Just like in any virus or firewall software, there can be false posiitves and depending on the way you have your site configured or the scripts you use, mod_security might interfere with your website.  You have the option to disable mod_security if it will not work with your website, however we highly recommend keeping it enabled so your website(s) is protected.

There are two ways to disable mod_security.

  1. Recommended: Log into cPanel and click on the ModSecurity icon and then click on the 'Disable' button on the top of that page. 
  2. Advanced Users: Edit the .htaccess file in public_html and add SecFilterEngine Off to the top of that file.

Was this answer helpful?

 Print this Article

Also Read

How do I block an IP address from reaching my website?

Please view our video tutorial at: http://www.cpanel.net/media/tutorials/ipdeny.htm  

Do you offer Let's Encrypt?

Yes, we support Let's Encrypt, it's available in cPanel.

What is the MySQL hostname?

When configuring your script, it will most likely ask you what the MySQL hostname is.  Please...

Max email size?

You can send emails up to 50Mb in size.    

My site is listed as an attack page?

When visiting your website, if you receive an error stating it's an attack page, that means that...