Disable modsec2 on a per-domain basis

[Kirsle]

I have a site hosted on a shared server with a web hosting company I work at. It's a CPanel/WHM-managed server with Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5

I need mod_security to be disabled just for my domain names, because I have a page named "about" and this always turns up a 406 Not Accepted error page, because the word "about" trips mod_security's rules.

I did some Google searches on how to do this and found the following things that could be added to .htaccess:

SecFilterEngine Off
SecFilterScanPOST Off

This gets a 500 Internal Error with:

[Wed Feb 20 08:11:06 2008] [alert] [client 69.16.222.179] /home/cuvou/public_html/.htaccess: Invalid command 'SecFilterEngine', perhaps misspelled or defined by a module not included in the server configuration

I found this one that's allegedly for modsec2:

SecRuleEngine Off

That gets

[Wed Feb 20 08:13:15 2008] [alert] [client 69.16.222.179] /home/cuvou/public_html/.htaccess: SecRuleEngine not allowed here

The only way I could find to disable it for my domain is to manually edit the whitelist file at /usr/local/apache/conf/modsec2/whitelist.conf. It seems like there should be a better way to do it.

-------------
Cuvou.com | My personal homepage
Project Fearless | My web blog

 

[Kirsle]

I got an e-mail asking how I did this, so here's what I had to do:

Edit /usr/local/apache/conf/modsec2/whitelist.conf and add these lines:

SecRule SERVER_NAME "cuvou.com" phase:1,nolog,allow,ctl:ruleEngine=off
SecRule SERVER_NAME "cuvou.net" phase:1,nolog,allow,ctl:ruleEngine=off
SecRule SERVER_NAME "cuvou.org" phase:1,nolog,allow,ctl:ruleEngine=off
SecRule SERVER_NAME "kirsle.net" phase:1,nolog,allow,ctl:ruleEngine=off

etc. for each domain. Luckily my server had other whitelisted domains so I just had to copy the syntax for each of my domains.

-------------
Cuvou.com | My personal homepage
Project Fearless | My web blog