Web Application Firewall (WAF) - mod_security

Suggest Edits

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.

In order to improve the security of your hosting account, and hosted applications by default we have mod\_security enabled for all Linux shared hosting accounts.

We continue trying to add new rules, and fine tune rules that might be blocking legitimate requests, and traffic however there is always situations under which mod\_security may get triggered by legitimate request, which leads to a false positive and the following error being displayed in your browser:

Error code: 406

Error message: 

"Not Acceptable

An appropriate representation of the requested resource XXXXXXX could not be found on this server"

In certain cases, requests coming from a computer/IP address that trigger ModSecurity too many times in a short time frame, may result in a temporary IP block, which may prevent you from access your website, and hosting account hosted with us.

If you are facing issues such as being blocked out of your site, or false positives impacting the operations of your domain name, you can disable ModSecurity from your cPanel - control panel by clicking on the ModSecurity link under section "Security". The interface is straight forward and allows you to control the ModSecurity settings for the individual domains hosted, or your entire cPanel hosting account.

Our recommendation is that you leave ModSecurity enabled in order to get better protection for your websites and applications hosted.

If you choose to disable ModSecurity for any of your domains, we strongly recommend that you:

  1. Employ additional security modules,  plugins, settings, etc - for any websites, or applications hosted. Most applications have an extensive list of extra security features/plugins you can benefit form.

  2. Maintain up to date version of any applications hosted within your hosting account. This is crucial for any website, or applications hosted.

For more information about application security, please review our Blog articles at:

IMPORTANT: Disabling ModSecurity, and NOT following the above 2 rules may result in your account, or website being compromised which among other hardship, will require your entire account to be re-created from scratch.

For more information about ModSecurity, please visit: 

NOTE: If you can't locate the mod\_security link in your cPanel, please contact our support.

Updated 4 months ago