Disable ModSecurity for a specific URL

On a web site that is protected with ModSecurity, when admin edit HTML pages in admin area, ModSecurity falsely detect it as XSS attack.

ModSecurity

What we can do is disable specific rules that create this false positive. But in this case, it is bceause HTML is submitted. This application normally done need HTML submitted on any other part of the site. So it is better just disable ModSecurity for the specific URL that cause this error.

To do this, add following code to Apache VirtualHost entry for this web site.

This will disable ModSecurity for URLs /admin_area/manage_pages.php and /admin_area/edit_announcement.php

Add a Comment

Your email address will not be published. Required fields are marked *