How to Disable ModSecurity for a Single Domain in .htaccess

ModSecurity is normally enabled at the server level and applied to all domains on the shared hosting server. In some circumstances, particular rules might cause an application to break the site, and you might want to disable ModSecurity for that domain in the site's .htaccess file.

As long as AllowOverride is permitted, you can place the following directives in .htaccess.

To disable ModSecurity for that virtual host:

<IfModule mod_security.c>

   SecRuleEngine Off
   SecRequestBodyAccess Off
</IfModule>

To disable a particular rule for that virtual host:

<IfModule mod_security.c>
  SecRuleRemoveById 1234567
</IfModule>

Please Note: The following old syntax directives are not supported at more since LSWS 5.3RC1. Please only use the new syntax directives as shown above. If you still have clients using the following old syntax on latest LSWS version, you can write a script to scan and update .htaccess.

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>
  • Admin
  • Last modified: 2018/12/11 14:45
  • by Jackson Zhang