How to check ModSecurity in cPanel when a 403 error appears

ModSecurity is a web application firewall that cPanel can apply per domain to block suspicious requests. If your site shows a 403 error when saving a form, uploading content, or opening the admin area, this check helps you confirm whether the rule comes from ModSecurity without leaving the site unprotected longer than necessary.

Use the change only as a temporary test. If the error disappears when ModSecurity is disabled, turn it back on and share the exact time, URL, and action with support so support can adjust the right rule.

Before you start

• Have access to cPanel for the account where the affected domain lives.
• Write down the URL where the 403 error appears and the action that triggers it.
• Run the test in a private window to avoid cache or old sessions.
• Avoid disabling ModSecurity on domains you are not reviewing.

Check whether ModSecurity may be involved

1. Log in to cPanel and find the Security section.
2. Open ModSecurity.
3. Locate the domain or subdomain where the 403 error appears.
4. Confirm whether the status is enabled before making changes.
5. Keep the site tab open so you can repeat the same action after the test.

Disable it temporarily for one domain

1. In the affected domain row, change the status from On to Off or use the available switch.
2. Wait for cPanel to confirm the change before leaving the screen.
3. Do not change the status of other domains even if they are in the same account.
4. Return to the URL where the 403 error appears and repeat exactly the same action.
5. If the error disappears, note the time, URL, and form or file you were using.

Test and turn protection back on

1. If the site worked with ModSecurity disabled, go back to cPanel → Security → ModSecurity.
2. Change the domain from Off to On to restore protection.
3. Repeat the action once more to confirm whether the block returns.
4. If the block returns, open a ticket with the test time, affected URL, and what you were trying to save or upload.

When to contact support

• The ModSecurity button does not appear or does not let you change the status.
• The 403 error continues even when ModSecurity is disabled for that domain.
• The site needs to work with one specific rule allowed without turning off the full protection.
• The block happens on a payment screen, login, API, or public form with real traffic.

Common errors

• The 403 error disappears only when ModSecurity is off → a rule is blocking a legitimate request → turn it back on and ask for a rule review with the exact time and URL.
• The error stays the same after disabling ModSecurity → the cause may be permissions, .htaccess, a plugin, or site code → review recent changes before turning off more protections.
• Another domain starts failing after the test → the wrong switch was changed → restore the original status and review only the affected domain.

Recommended reading

• How to scan for malware with ImunifyAV in cPanel
• How to block IP addresses in cPanel IP Blocker
• How to protect a folder with Directory Privacy in cPanel