How do I enable or disable ModSecurity (ModSec) through cPanel?

All shared, reseller, and semi-dedicated services have ModSecurity enabled by default. ModSecurity provides an extra layer of security by protecting your sites from known exploits. It is generally best practice to keep ModSec enabled.

Troubleshooting 403 errors from ModSecurity

A 403 Forbidden error is a common symptom of triggering a ModSec rule. To resolve this:

1. Open a support ticket and provide your IP address (check at myip.hawkhost.com) so we can identify the specific ModSec rule being triggered.

2. Once the rule ID is identified, you can disable that specific rule by adding the following to your .htaccess file:

   SecRuleRemoveById 12345

   Replace 12345 with the actual rule ID provided by our support team.

Fully disabling ModSecurity

If you need to disable ModSec entirely for a domain:

1. Log in to cPanel and search for ModSecurity:

   

2. Locate the domain and toggle the On/Off switch to disable ModSec:

   

3. ModSecurity is now disabled for that domain.