How to whitelist Mod_security rules for a domain on a CPanel server
First off-all, you need to find the Rule ID. You can find it from the apache error log (grep for your IP) or if you have CSF installed and keep getting your IP blocked, check /etc/csf/csf.deny to see if its listing the mod_security rule that you were blocked from.
Once you have the rule’s id number, you will need to create the following file and directory, as some of them are not there by default.
# mkdir -p /usr/local/apache/conf/userdata/std/2/user/domain.com
# vim /usr/local/apache/conf/userdata/std/2/user/domain.com/domain.com.conf
Add the following lines and whitelist some mod_security rules.
#
SecRuleRemoveById
#
Be sure to replace with the Rule ID number of the mod_security rule you need to whitelist. Save the file, and then run the following commands, replacing with the actual cpanel user name.
Enabling the userdata includes in Apache conf
/scripts/ensure_vhost_includes –user=cpanel user
This uncomments a line in the VirtualHost entry in httpd.conf for this domain to include any .conf files in /usr/local/apache/conf/userdata/std/2/user/domain.com/
[# /usr/local/cpanel/bin/apache_conf_distiller –update
# /usr/local/cpanel/bin/build_apache_conf
These compile and distill the changes into Apache’s configuration.