ModSecurity is a web application firewall (WAF) that inspects incoming requests and blocks those that match known attack patterns: SQL injection, cross-site scripting, and other common exploits. SpeedyPage uses LiteSpeed, which is fully compatible with ModSecurity and its rulesets. ModSecurity is enabled by default on all SpeedyPage Web Hosting accounts. You should leave it on unless you have a specific reason to disable it.

How ModSecurity works

When someone visits your website or submits a form, ModSecurity checks the request against a set of security rules before it reaches your application. If a request matches a rule, ModSecurity blocks it and returns a 403 Forbidden error. This protects against many attacks automatically, but occasionally a legitimate request triggers a rule (a false positive). When that happens, you can temporarily disable ModSecurity for the affected domain while you troubleshoot.

Enable or disable ModSecurity

Log in to cPanel through your client area or at yourdomain.com/cpanel. Go to Security > ModSecurity.

All domains at once

  • Click Enable to turn ModSecurity on for every domain on your account.
  • Click Disable to turn it off for every domain. A confirmation prompt will appear — click Disable All to confirm.

Individual domains

You can control ModSecurity per domain in the domain list below the global toggle. Set a domain to On or Off as needed.
ModSecurity must be enabled globally (using the Enable button) before you can configure individual domains. If it’s disabled globally, the per-domain settings have no effect.

Troubleshooting false positives

If ModSecurity blocks a legitimate request — for example, saving a page in WordPress or submitting a form — you’ll typically see a 403 Forbidden error.

1. Confirm ModSecurity is the cause

Disable ModSecurity for the affected domain in cPanel. If the request works with ModSecurity off, you’ve found the cause.

2. Check your error logs

In cPanel, go to Metrics > Errors to see recent error log entries. Each ModSecurity block is logged with the ID of the rule that was triggered. Note this rule ID if you plan to contact support.

3. Contact support if needed

If you need a specific rule excluded for your account, contact SpeedyPage support with the rule ID and a description of what you were doing when the block occurred.

4. Re-enable ModSecurity

Once the issue is resolved, turn ModSecurity back on for the domain. Don’t leave it disabled longer than necessary.
Disabling ModSecurity removes all WAF protection for that domain. Only disable it temporarily for troubleshooting, and re-enable it as soon as possible.
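
For the "Check your error logs" step, the following added example (not SpeedyPage's or ModSecurity's own code) pulls the rule ID and blocked URL out of error log text copied from cPanel, so you can send support exactly what was blocked. It assumes entries follow the common Apache-style ModSecurity layout with `[id "..."]`, `[hostname "..."]` and `[uri "..."]` fields; your server's entries may be laid out differently, and the sample lines, rule IDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample entries (not real log data). Rule IDs, IPs and paths are made up.
SAMPLE_LOG = """\
[Tue Mar 04 10:15:02 2025] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "1234567"] [msg "Constructed rule A"] [hostname "example.com"] [uri "/wp-admin/post.php"]
[Tue Mar 04 10:15:40 2025] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "1234567"] [msg "Constructed rule A"] [hostname "example.com"] [uri "/wp-admin/post.php"]
[Tue Mar 04 10:16:11 2025] [error] [client 198.51.100.9] PHP Warning: Undefined variable $x in /home/user/public_html/index.php
[Tue Mar 04 10:17:30 2025] [error] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 2). [id "7654321"] [msg "Constructed rule B"] [hostname "shop.example.com"] [uri "/contact"]
[Tue Mar 04 10:18:05 2025] [error] [client 203.0.113.7] ModSecurity: Warning. [id "7654321"] [msg "Constructed rule B"] [hostname "example.com"] [uri "/contact"]
"""

# ModSecurity metadata appears as [key "value"] pairs; values may contain escaped quotes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_blocks(log_text):
    """Return one dict per ModSecurity 403 block found in the log text."""
    blocks = []
    for line in log_text.splitlines():
        # Skip unrelated errors and non-blocking ModSecurity warnings.
        if "ModSecurity: Access denied with code 403" not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        if "id" in fields:
            blocks.append({k: fields.get(k, "") for k in ("id", "msg", "hostname", "uri")})
    return blocks


def summarize(log_text, hostname):
    """Count blocks per (rule ID, URI) for one domain, most frequent first."""
    hits = Counter(
        (b["id"], b["uri"]) for b in parse_blocks(log_text) if b["hostname"] == hostname
    )
    return hits.most_common()


if __name__ == "__main__":
    for (rule_id, uri), count in summarize(SAMPLE_LOG, "example.com"):
        print(f"rule {rule_id} blocked {uri} {count} time(s)")
```

A rule ID that repeatedly blocks the same URL during a normal action, such as saving a post, is the detail to include in a support request for a rule exclusion.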
For other ways to protect your hosting account, see Hosting security best practices.