A suggestion about ModSecurity


Verified User
Aug 1, 2019
When ModSecurity is installed, it is enabled by all users.
A switch to turn off ModSecurity should be set in the user GUI.


Verified User
Jun 27, 2019
I would not be in favor of this. Or at least if it is, server administrators should be able to toggle whether this is included in user's panels or not.

I think cPanel offers something like this, and it's one of the more stupid features that cPanel created if you ask for my humble opinion.

If you give end-user's the ability to turn off ModSecurity... then they are going to turn off ModSecurity. How does that help the overall server security?

How many guides do you see out there that say... "If you get an error when doing this, log into your cPanel and click the disable ModSecurity button, this should fix the problem." No, it's not fixing the problem. It's opening your account up for further compromising - but the guides don't tell you that. They just care about selling whatever product it is that they have and insuring that it works on your account.

If an account is having trouble caused by a ModSecurity rule, then that rule either needs to be exempted for them or the script is misbehaving in some way (or the ruleset is too strict).

The easiest solution to a problem isn't always the best solution to a problem.