Search Our Database

How to Enable or Disable ModSecurity in cPanel

Last updated on |

Introduction

ModSecurity is a popular web application firewall that helps protect websites from various attacks, such as SQL injection and cross-site scripting. For website owners and administrators using cPanel, managing ModSecurity settings is essential to ensuring the security and functionality of their site. This guide provides a step-by-step approach to enabling or disabling ModSecurity in cPanel. Adjusting these settings is particularly useful when dealing with false positives that block legitimate traffic or when strengthening your website’s security posture.

 

Prerequisite

  • Access to a cPanel account

 

Steps to Enable or Disable ModSecurity

Step 1: Log in to cPanel

  • Log in to your cPanel account using your username and password. This can usually be accessed through a URL provided by your hosting provider, for example: https://yourdomain.com/cpanel or https://yourdomain.com:2083

 

Step 2: Navigate to ModSecurity

  • Once logged in, scroll down to the Security section and click on ModSecurity. This will open the ModSecurity interface where you can manage the firewall settings for your domains.

 

 

Step 3: Enable or Disable ModSecurity

  • For each domain listed, you will see a toggle button labeled On/Off.
  • To enable ModSecurity, ensure the toggle is set to On. This will activate the firewall for the selected domain.
  • To disable ModSecurity, set the toggle to Off. This will turn off the firewall for the selected domain.
Important Note: It is recommended to keep ModSecurity enabled to protect your site from potential threats. Disable it only if you are sure it is necessary, such as when troubleshooting false positives that block legitimate traffic.

 

 

Conclusion

This guide has covered the process of enabling or disabling ModSecurity in cPanel. Keeping ModSecurity enabled is essential for maintaining your site’s security. If you encounter issues due to false positives, consider reviewing your ModSecurity rules before disabling the feature entirely.

Should you have any inquiries of the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.

 

Article posted on 30 March 2020 by Louis