ModSecure – exempting a domain

Having installed modSecure2 onto a few web servers, it seems that, even with the base_rules do not get on well with Actinic software. Our options were to start removing rules from within the base_rules set or simply exclude the domain from the modSecure system altogether. The quick and dirty method is the latter, here is how to do it. We are editing the httpd.conf file or in our case the http-vhosts.conf.

<Virtualhost>
 ....
 ....
 <Directory /path/to/directory >
  <IfModule security2_module>
    SecRuleEngine Off
  </IfModule>
 </Directory>
</Virtualhost>

Job Done!

This entry was posted in Apache, FreeBSD Administration and tagged , , , . Bookmark the permalink.

Leave a Reply