How to disable a rule in ModSecurity Apache

To disable a rule in ModSecurity, edit Apache configuration, add

SecRuleRemoveById RULE_ID_SEPERATED_BY_SPACE

This needed to be added after all rules were loaded.

On Ubuntu, I edited the file

/etc/apache2/mods-enabled/security2.conf

Here is what I have in a server which disables rules 941180 949110 980130

<IfModule security2_module>
	# Default Debian dir for modsecurity's persistent data
	SecDataDir /var/cache/modsecurity

	# Include all the *.conf files in /etc/modsecurity.
	# Keeping your local configuration in that directory
	# will allow for an easy upgrade of THIS file and
	# make your life easier
        IncludeOptional /etc/modsecurity/*.conf

	# Include OWASP ModSecurity CRS rules if installed
	IncludeOptional /usr/share/modsecurity-crs/*.load
        SecRuleRemoveById 941180 949110 980130
</IfModule>

Back to ModSecurity

How to disable a rule in ModSecurity Apache

Comments

Leave a Reply Cancel reply

More posts

How to stop all services on a cpanel server

Upgrade MariaDB 10.3 to 10.5 on Ubuntu 20.04

How to hide a WordPress Plugin

Server-to-Server File Transfer with PHP Script