This article describes how to manage the ModSecurity (also referred to as "Modsec") module in cPanel.
ModSecurity is an Apache module that provides an extra layer of protection for your account. It provides HTTP request filtering and other capabilities to help detect and block attacks before they can reach an application.
By default, the ModSecurity module is enabled. However, there may be situations where you need to disable ModSecurity for testing or troubleshooting purposes. For example, it is possible an application may not function correctly when ModSecurity is enabled. To verify this, you can disable ModSecurity and see if the application works correctly.
To manage the ModSecurity module for your account, follow these steps:
If you are using the Paper Lantern theme, in the SECURITY section of the cPanel home page, click ModSecurity:
To disable ModSecurity, do one of the following:
To re-enable ModSecurity, do one of the following:
For more information about ModSecurity, please visit https://github.com/SpiderLabs/ModSecurity/wiki.