How to disable mod security per vhost

From Brian Nelson Ramblings
Jump to: navigation, search

How to disable mod_security per vhost

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks.

Disable mod_security version 2

You will want to add the following to the vhost file to disable mod_security2

<IfModule mod_security2.c>
  SecRuleEngine Off
</IfModule>

Disable mod_security version 1

You will want to add the following to the vhost file to disable mod_security

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

Disable mod_security for a specific directory

Sometimes you only want to disable mod_security for a specific directory

Add the following to disable the wp-admin folder for wordpress

<IfModule mod_security2.c>
  <LocationMatch /wp-admin/>
    SecRuleEngine Off
  </LocationMatch>
</IfModule>