How to Turn Off ModSecurity for a Site

14 September 2009 Security, VPS & Dedicated, Web Hosting Leave a comment 1,558 Views

Server racks
Question: My dedicated server is running ModSecurity, but one of the websites needs it turned off in order to operate correctly. How do I turn it off for just one site?

Answer: Before you proceed, keep in mind the reason you have ModSecurity installed in the first place. It is there to prevent security problems. Turning it off opens up that site and possibly even your server to attacks. The more practical approach would be to turn off certain features of ModSecurity to accommodate that site. By default, the restrictions are pretty stringent. You can ease some of them and still provide blanket security.

Nevertheless, if you insist on turning it off completely on a site, simply enter the following into an .htaccess file for ModSecurity 1:
<ifmodule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>

For ModSecurity 2, enter the following in the site’s virtual host section of the Apache configuration file:

<ifmodule mod_security2.c> SecRuleEngine Off </ifmodule>

Photo Source: Flickr

Internetblog.org.uk Web hosting, Domain names, Dedicated servers

How to Turn Off ModSecurity for a Site

Related Articles

Check Also

Importance of web hosting to business

Facebook: a success after another

Importance of web hosting to business

Website Builder

Professional Data Centres In The UK

How to choose the right website builder and site maker

.XXX a waste of time according to porn industry

Micro-blogging on your own domain with StatusNet

How to restart Apache in Mac OS X Server

Comcast's typosquatting is a "service"

What is directory listing?