This is an old revision of the document!

How to disable ModSecurity for a single domain in .htaccess?

ModSecurity is normally enabled on server level and applied to all domains on the shared hosting server. In some circumstance, some rule/rules might cause a certain application site-breaking and you might want to disable ModSecurity for that domain in .htaccess.

As far as “AllowOverride” permitted, you can place the following directives to .htaccess:

To disable ModSecurity for that virtual host:

<IfModule mod_security.c> 

   SecRuleEngine Off
   SecRequestBodyAccess Off
</IfModule>

or to disable a certain rule for that virtual host: 

<IfModule mod_security.c>
  SecRuleRemoveById 1234567
</IfModule>

The following old syntax directives are not supported and please ensure to use the above new syntax directives. 

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>
  • Admin
  • Last modified: 2018/12/10 16:45
  • by Jackson Zhang