ModSecurity is an Apache web application firewall (WAF) module that helps protect websites from common attacks such as SQL injection, cross-site scripting (XSS), and malicious POST requests. While it provides an additional layer of security, certain applications or websites may generate false positives, resulting in errors such as 406 Not Acceptable<\/strong>.<\/p>\n\n\n\n In such cases, ModSecurity can be temporarily disabled either through the Before proceeding, ensure the following:<\/p>\n\n\n\n This method disables ModSecurity for a specific website using the site’s Navigate to the website document root and edit the Example:<\/p>\n\n\n\n Insert the following directives into the Save the changes and exit the editor.<\/p>\n\n\n\n Access the website and verify whether the issue has been resolved.<\/p>\n\n\n\n Note: In newer ModSecurity versions, these directives may not work because they are deprecated.<\/p>\n<\/blockquote>\n\n\n\n If the Check the Apache configuration includes:<\/p>\n\n\n\n These paths allow custom domain-specific Apache configurations.<\/p>\n\n\n\n Example:<\/p>\n\n\n\n Create the directories:<\/p>\n\n\n\n Add the following line:<\/p>\n\n\n\n Save and exit the file.<\/p>\n\n\n\n Run the following command:<\/p>\n\n\n\n Or on newer systems:<\/p>\n\n\n\n After restarting Apache:<\/p>\n\n\n\n.htaccess<\/code> file or by creating a custom Apache configuration for a specific domain.<\/p>\n\n\n\n
\n\n\n\nPrerequisites<\/h2>\n\n\n\n
\n
\n\n\n\nMethod 1: Disable ModSecurity Using
.htaccess<\/code><\/h1>\n\n\n\n.htaccess<\/code> file.<\/p>\n\n\n\nStep 1: Open the
.htaccess<\/code> File<\/h3>\n\n\n\n.htaccess<\/code> file.<\/p>\n\n\n\ncd \/home\/USERNAME\/public_html\nvi .htaccess\n<\/pre>\n\n\n\n
\n\n\n\nStep 2: Add the Following Lines<\/h3>\n\n\n\n
.htaccess<\/code> file:<\/p>\n\n\n\nSecFilterEngine Off\nSecFilterScanPOST Off\n<\/pre>\n\n\n\n
\n\n\n\nStep 3: Save the File<\/h3>\n\n\n\n
\n\n\n\nStep 4: Test the Website<\/h3>\n\n\n\n
\n
\n\n\n\nMethod 2: Disable ModSecurity for a Specific Domain Using Apache Configuration<\/h1>\n\n\n\n
.htaccess<\/code> method does not work, create a custom Apache configuration for the domain.<\/p>\n\n\n\n
\n\n\n\nStep 1: Verify Apache Include Paths<\/h2>\n\n\n\n
Include \"\/usr\/local\/apache\/conf\/userdata\/*.conf\"\nInclude \"\/usr\/local\/apache\/conf\/userdata\/*.owner-root\"\nInclude \"\/usr\/local\/apache\/conf\/userdata\/std\/*.conf\"\nInclude \"\/usr\/local\/apache\/conf\/userdata\/std\/*.owner-root\"\nInclude \"\/usr\/local\/apache\/conf\/userdata\/std\/2\/*.conf\"\nInclude \"\/usr\/local\/apache\/conf\/userdata\/std\/2\/*.owner-root\"\n<\/pre>\n\n\n\n
\n\n\n\nStep 2: Navigate to the Userdata Directory<\/h2>\n\n\n\n
cd \/usr\/local\/apache\/conf\/userdata\/std\/2\/\n<\/pre>\n\n\n\n
\n\n\n\nStep 3: Create User and Domain Directories<\/h2>\n\n\n\n
\n
google.com<\/code><\/li>\n\n\n\ngoog<\/code><\/li>\n<\/ul>\n\n\n\nmkdir goog\ncd goog\nmkdir google.com\ncd google.com\n<\/pre>\n\n\n\n
\n\n\n\nStep 4: Create the ModSecurity Configuration File<\/h2>\n\n\n\n
touch mod_security2.conf\nvi mod_security2.conf\n<\/pre>\n\n\n\n
SecRuleEngine Off\n<\/pre>\n\n\n\n
\n\n\n\nStep 5: Rebuild Apache Configuration<\/h2>\n\n\n\n
\/scripts\/ensure_vhost_includes --all-users\n<\/pre>\n\n\n\n
\n\n\n\nStep 6: Restart Apache<\/h2>\n\n\n\n
\/etc\/init.d\/httpd restart\n<\/pre>\n\n\n\n
systemctl restart httpd\n<\/pre>\n\n\n\n
\n\n\n\nVerification<\/h2>\n\n\n\n