This is an old revision of the document!
How to disable ModSecurity for a single domain in .htaccess?
ModSecurity is normally enabled on server level and applied to all domains on the shared hosting server. In some circumstance, some rule/rules might cause a certain application site-breaking and you might want to disable ModSecurity for that domain in .htaccess.
As far as “AllowOverride” permitted, you can place the following directives to .htaccess:
To disable ModSecurity for that virtual host:
<IfModule mod_security.c>
SecRuleEngine Off SecRequestBodyAccess Off </IfModule>
or to disable a certain rule for that virtual host:
<IfModule mod_security.c> SecRuleRemoveById 1234567 </IfModule>
The following old syntax directives are not supported and please ensure to use the above new syntax directives.
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>