How to disable specific modsecurity rule on Linux server?

Disable specific modsecurity rule on Linux server through commands.

  1. Bhawani Singh
    ModSecurity is an Apache server module that protects our sites. It blocks various hacking attempts and protects your website from hackers. ModSecurity uses a set of rules that filter your website's data for code injection attacks. You should always keep ModSecurity turned on to secure your website against various malicious attacks. But sometimes ModSecurity can't tell a valid request from an attack; in this case we have to disable the particular rule in ModSecurity.

    There are two ways to turn it off on a Linux server: the first is through WHM and the second is on the command line. If you want to disable the rule through WHM, you can check our previous article: How to Disable mod-security rule in WHM? In this article we explain how to disable a particular ModSecurity rule from the command line. Let's check it out.

    • First, log in to the server via SSH.
    • Next, find the particular ModSecurity rule that is causing the issue by running the command below:
    grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n
    You will get the following output:

    129 991111 /feed/
    4668 981261 /wp-content/ wp-content/drone/jquery.cookie.js
    29070 981261 /wp-content/themes/drone/jquery.cookie.js
    • Now we can see that rule 981261 is triggered on the server when the wp-content/themes/drone/jquery.cookie.js file is requested.
    • Finally, enter the command below to disable that particular ModSecurity rule:
    echo "SecRuleRemoveById 981261" >> /usr/local/apache/conf/userdata/std/2/userna5/
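
The tally step above, as an added example that is not part of the original post: a shell function that uses awk to pull the `id`, `hostname` and `uri` fields out by name and skips ModSecurity lines that carry no rule id, so you can confirm which rule fires on which site and path before removing it. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Tally ModSecurity denials per "rule-id hostname uri" from error_log lines on stdin.
modsec_tally() {
  awk '
    # Return the value of a [key "value"] field, or "-" when the field is absent.
    function field(line, key,    s) {
      if (!match(line, "\\[" key " \"[^\"]*\"\\]")) return "-"
      s = substr(line, RSTART, RLENGTH)
      sub("^\\[" key " \"", "", s)
      sub("\"\\]$", "", s)
      return s
    }
    /ModSecurity/ {
      id = field($0, "id")
      if (id !~ /^[0-9]+$/) next   # e.g. ModSecurity status lines with no rule id
      n[id " " field($0, "hostname") " " field($0, "uri")]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1n -k2,2n
}

# Constructed sample input (not taken from a real server).
sample_log() {
  cat <<'EOF'
[Mon Jan 01 10:00:01 2024] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [file "/constructed/rules.conf"] [line "237"] [id "981261"] [msg "constructed"] [hostname "example.com"] [uri "/wp-content/themes/drone/jquery.cookie.js"] [unique_id "a1"]
[Mon Jan 01 10:00:02 2024] [error] [client 192.0.2.11] ModSecurity: Access denied with code 403 (phase 2). [file "/constructed/rules.conf"] [line "237"] [id "981261"] [msg "constructed"] [hostname "example.com"] [uri "/wp-content/themes/drone/jquery.cookie.js"] [unique_id "a2"]
[Mon Jan 01 10:00:03 2024] [error] [client 192.0.2.12] ModSecurity: Access denied with code 403 (phase 2). [file "/constructed/rules.conf"] [line "237"] [id "981261"] [msg "constructed"] [hostname "example.com"] [uri "/wp-content/themes/drone/jquery.cookie.js"] [unique_id "a3"]
[Mon Jan 01 10:00:04 2024] [error] [client 192.0.2.13] ModSecurity: Access denied with code 403 (phase 2). [file "/constructed/rules.conf"] [line "90"] [id "991111"] [msg "constructed"] [hostname "blog.example.com"] [uri "/feed/"] [unique_id "a4"]
[Mon Jan 01 10:00:05 2024] [notice] ModSecurity: constructed status line without a rule id
[Mon Jan 01 10:00:06 2024] [error] [client 192.0.2.14] File does not exist: /constructed/favicon.ico
EOF
}

# Usage on a live server: modsec_tally < /usr/local/apache/logs/error_log
```

Each output line reads `count rule-id hostname uri`, sorted by count, so the noisiest rule and the site it affects end up at the bottom.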