How to disable mod security per vhost

From Brian Nelson Ramblings
Revision as of 15:12, 6 June 2015 by Brian (Talk | contribs) (Created page with "==How to disable mod_security per vhost== ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web serv...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

How to disable mod_security per vhost

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks.

Disable mod_security version 2

You will want to add the following to the vhost file to disable mod_security2 

<IfModule mod_security2.c>
  SecRuleEngine Off
</IfModule>

Disable mod_security version 1

You will want to add the following to the vhost file to disable mod_security 

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

Disable mod_security for a specific directory

Sometimes you only want to disable mod_security for a specific directory

Add the following to disable the wp-admin folder for wordpress 

<IfModule mod_security2.c>
  <LocationMatch /wp-admin/>
    SecRuleEngine Off
  </LocationMatch>
</IfModule>
Retrieved from "https://briansnelson.com/index.php?title=How_to_disable_mod_security_per_vhost&oldid=843"