LiveChat
Support
Blog
Affiliates
The error "Unable to include potential exe" is a ModSecurity false positive. It means the server's web application firewall detected something in your request that looks like an attempt to include an executable file, and blocked it. This commonly happens when uploading files, submitting forms with certain content, or using CMS features that pass file paths in URLs.
Contact Support With the Error Log Entry
This is a server-side firewall rule that you cannot fix yourself. We can add a targeted exception for your account:
- ✓ Check cPanel > Errors for the ModSecurity rule ID
- ✓ Open a ticket with the full error log entry
- ✓ We whitelist the specific rule for your account
01. What This Error Means
ModSecurity is a web application firewall (WAF) that runs on the server to protect all websites from attacks like SQL injection, cross-site scripting, and remote file inclusion. The "unable to include potential exe" rule is designed to block attempts to include executable files from remote or local sources, which is a common attack technique.
The problem is that this rule sometimes triggers on legitimate requests. If your URL, form data, or uploaded file happens to contain patterns that look like file inclusion attempts (paths with extensions like .exe, .dll, .bat, or even some .php patterns), ModSecurity blocks it.
02. Common Triggers
- File uploads - uploading files with executable extensions through a CMS or web form
- WordPress plugins - some plugins pass file paths in URLs or POST data that trigger the rule
- Form submissions - forms that contain text resembling file paths (e.g., a support form where someone pastes a Windows file path)
- File manager plugins - web-based file managers that manipulate file paths through HTTP requests
- Import/export features - CMS import tools that reference file names in the request
03. How to Fix It
- Find the error details - go to cPanel > Errors and look for the ModSecurity entry. It will include a rule ID number (like
950005or similar) and show which part of the request triggered it - Open a support ticket - include the full error log entry. We need the rule ID and the URI/parameter that triggered it
- We add a targeted exception - we whitelist that specific rule for your account or for the specific URL that triggers it. This keeps all other ModSecurity protections active
Do not ask to disable ModSecurity entirely. It protects your site from real attacks. We can surgically exclude the specific rule that's causing the false positive while keeping everything else active. See our 403 Error Guide for more on ModSecurity troubleshooting.
Getting This Error?
Copy the error log entry from cPanel > Errors and include it in your ticket. We typically resolve ModSecurity exceptions within a few hours.
Open a Support TicketQuick Recap
- This is a ModSecurity false positive - the firewall thinks your request is an attack
- Check cPanel > Errors - find the rule ID and full error details
- Open a support ticket - include the error log entry
- We add a targeted exception - keeps security active for everything else
- Don't disable ModSecurity - it protects your site from real threats
Last updated March 2026 · Browse all Troubleshooting articles · See also: 403 Errors
