Differences

This shows you the differences between two versions of the page.

--- modsecurity:excluding_hosts_and_directories [2016/10/14 14:14] – created peter
+++ modsecurity:excluding_hosts_and_directories [2019/11/30 14:17] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== ModSecurity - Excluding Hosts and Directories ======
-Sometimes it makes sense to exclude a particular directory or a domain name if it is running an application like phpMyAdmin as modsecurity and will block SQL queries.  It is also better to exclude admin backends of CMS applications like WordPress.
-To disable modsecurity for a complete VirtualHost place the following
-<code apache>
-<IfModule security2_module>
-    SecRuleEngine Off
-</IfModule>
-</code>
-inside the <VirtualHost> section.
-For a particular directory:
-<code apache>
-<Directory "/var/www/wp-admin">
-    <IfModule security2_module>
-        SecRuleEngine Off
-    </IfModule>
-</Directory>
-</code>
-If you don't want to completely disable modsecurity, use the **SecRuleRemoveById** directive to remove a particular rule or rule chain by specifying its ID.
-<code apache>
-<LocationMatch "/wp-admin/update.php">
-    <IfModule security2_module>
-        SecRuleRemoveById 981173
-    </IfModule>
-</LocationMatch>
-</code>