Disabling Mod Security for My Specific Domain Name

Mod Security is a web application-level Firewall that protects your website from certain known threats from user-level actions. It works seamlessly with most of the websites, but sometimes it can conflict with some type of website or some functionality in certain CMS. In that case, it can identify which specific Mod Security rule is conflicting, you can disable that. But in many cases, it is very difficult to detect those specific rules. In those cases, it is better to disable the Mod_Security Rules for the domain where you are facing the issue. To disable Mod_Security for your domain, follow the below instructions:

1. Log in to your Plesk Control Panel
2. Click on the Domain you want to manage from the Default “Websites & Domains” section. The options available for that domain will appear below as a dropdown section.
3. Click on the “Web Application Firewall” from the options shown for that domain.
4. You will find that the “Web Application Firewall Mode” is set to “On”. You can also see “Mod_Security Log File” on this page which may help you detect the Mod_Security rule that is conflicting and disable that rule specifically see the below instruction on how to detect a specific mod_security rule and disable it. To disable Mod_Security completely for this domain, set the Web Application Firewall Mode to “Off”
5. After making the change, click on the “Ok” or “Apply” button to apply your changes. The Mod_Security Should be now disabled for your domain.

How to find and Disable Specific Mod Security Rules (for Advanced Users)?

If you are a developer and have familiarity with Mod_Security Rules, you can disable the specific Mod_Security Rules for your website instead of disabling it entirely. To do that, first, you need to find what the Mod_Security role is being activated that is affecting your website functionality. To find it:

1. Log in to your Plesk Control Panel
2. Click on the Domain you want to manage from the Default “Websites & Domains” section. The options available for that domain will appear below as a dropdown section.
3. Click on the “Web Application Firewall” from the options shown for that domain.
4. Click on the “Mod Security Log File” link on this page. You will find recent ModSecurity Triggers here.
5. Click on the “More >>” link on the Relevant Action or Trigger that you want to fix.
6. You will see a detailed log here for that incident. On that log, Have a look into the “Producer: ” section that will look something like “ModSecurity for IIS (STABLE)/*.*.* (http://www.modsecurity.org/); XXXX_XX”
7. The last part after the semicolon (;) will describe the ModSecurity Rule that was activated. You will need to disable this list from the previous page.
8. Go back to the previous page, You may search for the exact name of that role On the search box at the bottom that says “Active:”
9. Now just click on the relevant role or tags and it will be moved to the “Deactivated” section.
10. Click on the “OK” or “Apply” button to save your changes and check if that resolves your issue.

If you deactivate a specific ModSecurity Rule in this way and it works for you, then you do not need to Disable Mod Security completely.

How to disable or enable my domain’s ModSecurity from CPanel?

In these two ways, you can work around with Mod Security on your hosting using our Plesk with Windows Hosting.