Disable ModSecurity for a domain.
So you need to disable ModSecurity (aka mod_security.c) for a customer’s site. There are many reasons to do this, but generally it’s because the customer has a script that does not conform to your ModSecurity rules or keyword url matching. Don’t disable ModSecurity for the whole server, because it’s a great tool. Read this article instead!
First you should login to your server via SSH as the ‘root’ user. You should then use nano or your favorite text editor (ie. pico, vi, emacs, etc…) to open the /etc/httpd/conf/httpd.conf (sometimes /usr/local/apache/conf/httpd.conf or /etc/apache2/httpd.conf) file. Notice: You may have to edit a different file such as /etc/httpd.conf/conf.d/vhosts.conf if your server is setup to use a separate vhost configuration file. You should then locate the vhost for the domain in question and paste the following code into the vhost:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Now you just have to save, exit and restart apache. Run service httpd restart or /etc/init.d/httpd restart or whatever script you have to restart Apache.
Tags: Apache, httpd, ModSecurity, mod_security, SecFilterEngine, SecFilterScanPOST
