How do I disable mod_security in Sentora?
Linode
Linode Staff
I have Sentora and WordPress running on my Ubuntu 14.04 server. There is a plugin that breaks each time it runs, I was told to disable mod_sec for it to run properly. How can I find and disable mod_sec?
2 Replies
Hi,
I'm not too familiar with using Sentora but I hope I can get you enough information here to help out. If you are looking to disable mod_security from within Sentora you should be able to so from the virtual host file for each site. To access the virtual host files in Senota navigate to 'Module Admin > Apache Config > Override a Virtual Host' or, you may be able to set it globally in 'Module Admin > Apache Config > Global Sentora Entry'. You'll be looking for the SecRuleEngine directive and set that to off, you'll need to restart Apache after making the changes.
SecRuleEngine Off
According to the Sentora docs Apache configuration options can be found in the following directories at the command line. However, directly editing a configuration file controlled by a control panel can cause it to be overwritten. I would suggest trying to disable it first through Sentora:
/etc/apache2/httpd.conf
/etc/sentora/configs/apache/httpd.conf
/etc/sentora/configs/apache/httpd-vhosts.conf
To search these:
egrep -ir '(modsecurity|mod_security|secruleengine)' /etc/apache2/ /etc/sentora/configs
I also came across another suggestion for removing specific mod_security rules. If there is only one being triggered by the plugin, this may be a preferable. This command will return an ID of a rule that triggered mod_security.:
grep yourdomain.com /var/log/apache2/error.log | grep -i modsecurity
Then set the directive in /etc/modsecurity/modsecurity.conf and restart Apache.
SecRuleRemoveById <ID>
