I've enabled Mod_Security on my VPS which runs an Ubuntu OS with an apache web server. Now, I want to disable it because I setup another firewall to protect my server.
I've tried preforming the steps in reverse order (taking out lines of code and disabling modules), but when I try to restart Apache, it keeps saying that it failed to restart.
I've been looking everywhere but I can't find out how to disable the WAF.
Any help would be appreciated!
A quick search of the interwebs suggests that one of the steps you will have undertaken to enable mod_security is to create the file /etc/modsecurity/modsecurity.conf. To disable modsecurity, all we need to do is remove/rename that file and restart apache.
Remove the include line loading mod_security (or more likely mod_security2) from your Apache config.
Probably would want to remove all the other config related to it too or, as well as pointlessly being there, you might have problems restarting Apache if the ModSecurity config isn't enclosed in if statements. Use the -t option to test Apache config after any changes before doing a restart.
However it should be noted ModSecurity is a web application firewall (WAF) and not a normal port blocking firewall so they are different.
